import libgcrypt-1.8.5-4.el8
parent
a449de636b
commit
96daea1e33
2
.gitignore
vendored
2
.gitignore
vendored
@ -1 +1 @@
|
|||||||
SOURCES/libgcrypt-1.8.3-hobbled.tar.xz
|
SOURCES/libgcrypt-1.8.5-hobbled.tar.xz
|
||||||
|
@ -1 +1 @@
|
|||||||
e89427b41b148a28583825079d45a7a64234fdbf SOURCES/libgcrypt-1.8.3-hobbled.tar.xz
|
1edcc623a15ed87ff832e021b4cb77fd94eb66c9 SOURCES/libgcrypt-1.8.5-hobbled.tar.xz
|
||||||
|
@ -1057,7 +1057,7 @@ _gcry_ecc_get_mpi (const char *name, mpi_ec_t ec, int copy)
|
|||||||
if (!strcmp (name, "q.x") && ec->Q && ec->Q->x)
|
if (!strcmp (name, "q.x") && ec->Q && ec->Q->x)
|
||||||
return mpi_is_const (ec->Q->x) && !copy? ec->Q->x : mpi_copy (ec->Q->x);
|
return mpi_is_const (ec->Q->x) && !copy? ec->Q->x : mpi_copy (ec->Q->x);
|
||||||
if (!strcmp (name, "q.y") && ec->Q && ec->Q->y)
|
if (!strcmp (name, "q.y") && ec->Q && ec->Q->y)
|
||||||
return mpi_is_const (ec->G->y) && !copy? ec->Q->y : mpi_copy (ec->Q->y);
|
return mpi_is_const (ec->Q->y) && !copy? ec->Q->y : mpi_copy (ec->Q->y);
|
||||||
|
|
||||||
/* If the base point has been requested, return it in standard
|
/* If the base point has been requested, return it in standard
|
||||||
encoding. */
|
encoding. */
|
||||||
|
@ -1,115 +0,0 @@
|
|||||||
diff -up libgcrypt-1.8.0/cipher/dsa.c.tests libgcrypt-1.8.0/cipher/dsa.c
|
|
||||||
--- libgcrypt-1.8.0/cipher/dsa.c.tests 2016-04-07 17:30:08.000000000 +0200
|
|
||||||
+++ libgcrypt-1.8.0/cipher/dsa.c 2017-08-15 15:10:39.551600227 +0200
|
|
||||||
@@ -457,11 +457,22 @@ generate_fips186 (DSA_secret_key *sk, un
|
|
||||||
&prime_q, &prime_p,
|
|
||||||
r_counter,
|
|
||||||
r_seed, r_seedlen);
|
|
||||||
- else
|
|
||||||
- ec = _gcry_generate_fips186_3_prime (nbits, qbits, NULL, 0,
|
|
||||||
+ else if (!domain->p || !domain->q)
|
|
||||||
+ ec = _gcry_generate_fips186_3_prime (nbits, qbits,
|
|
||||||
+ initial_seed.seed,
|
|
||||||
+ initial_seed.seedlen,
|
|
||||||
&prime_q, &prime_p,
|
|
||||||
r_counter,
|
|
||||||
r_seed, r_seedlen, NULL);
|
|
||||||
+ else
|
|
||||||
+ {
|
|
||||||
+ /* Domain parameters p and q are given; use them. */
|
|
||||||
+ prime_p = mpi_copy (domain->p);
|
|
||||||
+ prime_q = mpi_copy (domain->q);
|
|
||||||
+ gcry_assert (mpi_get_nbits (prime_p) == nbits);
|
|
||||||
+ gcry_assert (mpi_get_nbits (prime_q) == qbits);
|
|
||||||
+ ec = 0;
|
|
||||||
+ }
|
|
||||||
sexp_release (initial_seed.sexp);
|
|
||||||
if (ec)
|
|
||||||
goto leave;
|
|
||||||
@@ -855,13 +866,12 @@ dsa_generate (const gcry_sexp_t genparms
|
|
||||||
sexp_release (l1);
|
|
||||||
sexp_release (domainsexp);
|
|
||||||
|
|
||||||
- /* Check that all domain parameters are available. */
|
|
||||||
- if (!domain.p || !domain.q || !domain.g)
|
|
||||||
+ /* Check that p and q domain parameters are available. */
|
|
||||||
+ if (!domain.p || !domain.q || (!domain.g && !(flags & PUBKEY_FLAG_USE_FIPS186)))
|
|
||||||
{
|
|
||||||
_gcry_mpi_release (domain.p);
|
|
||||||
_gcry_mpi_release (domain.q);
|
|
||||||
_gcry_mpi_release (domain.g);
|
|
||||||
- sexp_release (deriveparms);
|
|
||||||
return GPG_ERR_MISSING_VALUE;
|
|
||||||
}
|
|
||||||
|
|
||||||
diff -up libgcrypt-1.8.0/cipher/rsa.c.tests libgcrypt-1.8.0/cipher/rsa.c
|
|
||||||
--- libgcrypt-1.8.0/cipher/rsa.c.tests 2017-07-06 10:21:36.000000000 +0200
|
|
||||||
+++ libgcrypt-1.8.0/cipher/rsa.c 2017-08-15 15:10:39.551600227 +0200
|
|
||||||
@@ -696,7 +696,7 @@ generate_x931 (RSA_secret_key *sk, unsig
|
|
||||||
|
|
||||||
*swapped = 0;
|
|
||||||
|
|
||||||
- if (e_value == 1) /* Alias for a secure value. */
|
|
||||||
+ if (e_value == 1 || e_value == 0) /* Alias for a secure value. */
|
|
||||||
e_value = 65537;
|
|
||||||
|
|
||||||
/* Point 1 of section 4.1: k = 1024 + 256s with S >= 0 */
|
|
||||||
diff -up libgcrypt-1.8.0/tests/keygen.c.tests libgcrypt-1.8.0/tests/keygen.c
|
|
||||||
--- libgcrypt-1.8.0/tests/keygen.c.tests 2017-08-15 15:10:39.551600227 +0200
|
|
||||||
+++ libgcrypt-1.8.0/tests/keygen.c 2017-08-15 15:16:05.433176171 +0200
|
|
||||||
@@ -200,11 +200,11 @@ check_rsa_keys (void)
|
|
||||||
|
|
||||||
|
|
||||||
if (verbose)
|
|
||||||
- info ("creating 512 bit RSA key with e=257\n");
|
|
||||||
+ info ("creating 1024 bit RSA key with e=257\n");
|
|
||||||
rc = gcry_sexp_new (&keyparm,
|
|
||||||
"(genkey\n"
|
|
||||||
" (rsa\n"
|
|
||||||
- " (nbits 3:512)\n"
|
|
||||||
+ " (nbits 4:1024)\n"
|
|
||||||
" (rsa-use-e 3:257)\n"
|
|
||||||
" ))", 0, 1);
|
|
||||||
if (rc)
|
|
||||||
@@ -225,11 +225,11 @@ check_rsa_keys (void)
|
|
||||||
gcry_sexp_release (key);
|
|
||||||
|
|
||||||
if (verbose)
|
|
||||||
- info ("creating 512 bit RSA key with default e\n");
|
|
||||||
+ info ("creating 1024 bit RSA key with default e\n");
|
|
||||||
rc = gcry_sexp_new (&keyparm,
|
|
||||||
"(genkey\n"
|
|
||||||
" (rsa\n"
|
|
||||||
- " (nbits 3:512)\n"
|
|
||||||
+ " (nbits 4:1024)\n"
|
|
||||||
" (rsa-use-e 1:0)\n"
|
|
||||||
" ))", 0, 1);
|
|
||||||
if (rc)
|
|
||||||
@@ -309,12 +309,12 @@ check_dsa_keys (void)
|
|
||||||
}
|
|
||||||
|
|
||||||
if (verbose)
|
|
||||||
- info ("creating 1536 bit DSA key\n");
|
|
||||||
+ info ("creating 2048 bit DSA key\n");
|
|
||||||
rc = gcry_sexp_new (&keyparm,
|
|
||||||
"(genkey\n"
|
|
||||||
" (dsa\n"
|
|
||||||
- " (nbits 4:1536)\n"
|
|
||||||
- " (qbits 3:224)\n"
|
|
||||||
+ " (nbits 4:2048)\n"
|
|
||||||
+ " (qbits 3:256)\n"
|
|
||||||
" ))", 0, 1);
|
|
||||||
if (rc)
|
|
||||||
die ("error creating S-expression: %s\n", gpg_strerror (rc));
|
|
||||||
diff -up libgcrypt-1.8.0/tests/pubkey.c.tests libgcrypt-1.8.0/tests/pubkey.c
|
|
||||||
--- libgcrypt-1.8.0/tests/pubkey.c.tests 2017-01-18 15:24:25.000000000 +0100
|
|
||||||
+++ libgcrypt-1.8.0/tests/pubkey.c 2017-08-15 15:10:39.552600207 +0200
|
|
||||||
@@ -595,7 +595,7 @@ get_dsa_key_fips186_with_seed_new (gcry_
|
|
||||||
" (use-fips186)"
|
|
||||||
" (transient-key)"
|
|
||||||
" (derive-parms"
|
|
||||||
- " (seed #0cb1990c1fd3626055d7a0096f8fa99807399871#))))",
|
|
||||||
+ " (seed #8b4c4d671fff82e8ed932260206d0571e3a1c2cee8cd94cb73fe58f9b67488fa#))))",
|
|
||||||
0, 1);
|
|
||||||
if (rc)
|
|
||||||
die ("error creating S-expression: %s\n", gcry_strerror (rc));
|
|
@ -1,196 +1,7 @@
|
|||||||
diff -up libgcrypt-1.8.3/cipher/md.c.fips-ctor libgcrypt-1.8.3/cipher/md.c
|
|
||||||
--- libgcrypt-1.8.3/cipher/md.c.fips-ctor 2017-11-23 19:16:58.000000000 +0100
|
|
||||||
+++ libgcrypt-1.8.3/cipher/md.c 2018-07-12 13:24:54.088403006 +0200
|
|
||||||
@@ -411,11 +411,8 @@ md_enable (gcry_md_hd_t hd, int algorith
|
|
||||||
|
|
||||||
if (!err && algorithm == GCRY_MD_MD5 && fips_mode ())
|
|
||||||
{
|
|
||||||
- _gcry_inactivate_fips_mode ("MD5 used");
|
|
||||||
if (_gcry_enforced_fips_mode () )
|
|
||||||
{
|
|
||||||
- /* We should never get to here because we do not register
|
|
||||||
- MD5 in enforced fips mode. But better throw an error. */
|
|
||||||
err = GPG_ERR_DIGEST_ALGO;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
diff -up libgcrypt-1.8.3/src/fips.c.fips-ctor libgcrypt-1.8.3/src/fips.c
|
|
||||||
--- libgcrypt-1.8.3/src/fips.c.fips-ctor 2018-07-12 13:24:54.075402698 +0200
|
|
||||||
+++ libgcrypt-1.8.3/src/fips.c 2018-07-12 13:24:54.088403006 +0200
|
|
||||||
@@ -91,6 +91,31 @@ static void fips_new_state (enum module_
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
+/* Initialize the FSM lock - this function may only
|
|
||||||
+ be called once and is intended to be run from the library
|
|
||||||
+ constructor */
|
|
||||||
+void
|
|
||||||
+_gcry_initialize_fsm_lock (void)
|
|
||||||
+{
|
|
||||||
+ gpg_error_t err;
|
|
||||||
+ /* Intitialize the lock to protect the FSM. */
|
|
||||||
+ err = gpgrt_lock_init (&fsm_lock);
|
|
||||||
+ if (err)
|
|
||||||
+ {
|
|
||||||
+ /* If that fails we can't do anything but abort the
|
|
||||||
+ process. We need to use log_info so that the FSM won't
|
|
||||||
+ get involved. */
|
|
||||||
+ log_info ("FATAL: failed to create the FSM lock in libgcrypt: %s\n",
|
|
||||||
+ gpg_strerror (err));
|
|
||||||
+#ifdef HAVE_SYSLOG
|
|
||||||
+ syslog (LOG_USER|LOG_ERR, "Libgcrypt error: "
|
|
||||||
+ "creating FSM lock failed: %s - abort",
|
|
||||||
+ gpg_strerror (err));
|
|
||||||
+#endif /*HAVE_SYSLOG*/
|
|
||||||
+ abort ();
|
|
||||||
+ }
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
/* Check whether the OS is in FIPS mode and record that in a module
|
|
||||||
local variable. If FORCE is passed as true, fips mode will be
|
|
||||||
enabled anyway. Note: This function is not thread-safe and should
|
|
||||||
@@ -100,7 +125,6 @@ void
|
|
||||||
_gcry_initialize_fips_mode (int force)
|
|
||||||
{
|
|
||||||
static int done;
|
|
||||||
- gpg_error_t err;
|
|
||||||
|
|
||||||
/* Make sure we are not accidentally called twice. */
|
|
||||||
if (done)
|
|
||||||
@@ -179,24 +203,6 @@ _gcry_initialize_fips_mode (int force)
|
|
||||||
/* Yes, we are in FIPS mode. */
|
|
||||||
FILE *fp;
|
|
||||||
|
|
||||||
- /* Intitialize the lock to protect the FSM. */
|
|
||||||
- err = gpgrt_lock_init (&fsm_lock);
|
|
||||||
- if (err)
|
|
||||||
- {
|
|
||||||
- /* If that fails we can't do anything but abort the
|
|
||||||
- process. We need to use log_info so that the FSM won't
|
|
||||||
- get involved. */
|
|
||||||
- log_info ("FATAL: failed to create the FSM lock in libgcrypt: %s\n",
|
|
||||||
- gpg_strerror (err));
|
|
||||||
-#ifdef HAVE_SYSLOG
|
|
||||||
- syslog (LOG_USER|LOG_ERR, "Libgcrypt error: "
|
|
||||||
- "creating FSM lock failed: %s - abort",
|
|
||||||
- gpg_strerror (err));
|
|
||||||
-#endif /*HAVE_SYSLOG*/
|
|
||||||
- abort ();
|
|
||||||
- }
|
|
||||||
-
|
|
||||||
-
|
|
||||||
/* If the FIPS force files exists, is readable and has a number
|
|
||||||
!= 0 on its first line, we enable the enforced fips mode. */
|
|
||||||
fp = fopen (FIPS_FORCE_FILE, "r");
|
|
||||||
@@ -359,16 +365,20 @@ _gcry_fips_is_operational (void)
|
|
||||||
{
|
|
||||||
int result;
|
|
||||||
|
|
||||||
- if (!fips_mode ())
|
|
||||||
+ lock_fsm ();
|
|
||||||
+ if (current_state == STATE_POWERON && !fips_mode ())
|
|
||||||
+ /* If we are at this point in POWERON state it means the FIPS
|
|
||||||
+ module installation was not completed. (/etc/system-fips
|
|
||||||
+ is not present.) */
|
|
||||||
result = 1;
|
|
||||||
else
|
|
||||||
{
|
|
||||||
- lock_fsm ();
|
|
||||||
- if (current_state == STATE_INIT)
|
|
||||||
+ if (current_state == STATE_INIT || current_state == STATE_SELFTEST)
|
|
||||||
{
|
|
||||||
- /* If we are still in the INIT state, we need to run the
|
|
||||||
- selftests so that the FSM can eventually get into
|
|
||||||
- operational state. Given that we would need a 2-phase
|
|
||||||
+ /* If we are still in the INIT (or SELFTEST) state,
|
|
||||||
+ we need to run (or finish) the selftests so
|
|
||||||
+ that the FSM can eventually get into operational
|
|
||||||
+ state. Given that we would need a 2-phase
|
|
||||||
initialization of libgcrypt, but that has traditionally
|
|
||||||
not been enforced, we use this on demand self-test
|
|
||||||
checking. Note that Proper applications would do the
|
|
||||||
@@ -384,9 +394,11 @@ _gcry_fips_is_operational (void)
|
|
||||||
lock_fsm ();
|
|
||||||
}
|
|
||||||
|
|
||||||
- result = (current_state == STATE_OPERATIONAL);
|
|
||||||
- unlock_fsm ();
|
|
||||||
+ result = (current_state == STATE_OPERATIONAL) || !fips_mode ();
|
|
||||||
+ /* We always run the selftests but ignore the result
|
|
||||||
+ in non-FIPS mode. */
|
|
||||||
}
|
|
||||||
+ unlock_fsm ();
|
|
||||||
return result;
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -709,9 +721,25 @@ _gcry_fips_run_selftests (int extended)
|
|
||||||
{
|
|
||||||
enum module_states result = STATE_ERROR;
|
|
||||||
gcry_err_code_t ec = GPG_ERR_SELFTEST_FAILED;
|
|
||||||
+ int in_poweron;
|
|
||||||
|
|
||||||
- if (fips_mode ())
|
|
||||||
- fips_new_state (STATE_SELFTEST);
|
|
||||||
+ lock_fsm ();
|
|
||||||
+ in_poweron = (current_state == STATE_POWERON);
|
|
||||||
+ unlock_fsm ();
|
|
||||||
+
|
|
||||||
+ fips_new_state (STATE_SELFTEST);
|
|
||||||
+
|
|
||||||
+ /* We first check the integrity of the binary.
|
|
||||||
+ If run from the constructor we are in POWERON state,
|
|
||||||
+ we return and finish the remaining selftests before
|
|
||||||
+ real use of the library. It will be in the POWERON
|
|
||||||
+ state meanwhile. */
|
|
||||||
+ if (in_poweron)
|
|
||||||
+ if (check_binary_integrity ())
|
|
||||||
+ goto leave;
|
|
||||||
+
|
|
||||||
+ if (in_poweron)
|
|
||||||
+ return 0;
|
|
||||||
|
|
||||||
if (run_cipher_selftests (extended))
|
|
||||||
goto leave;
|
|
||||||
@@ -730,18 +758,12 @@ _gcry_fips_run_selftests (int extended)
|
|
||||||
if (run_pubkey_selftests (extended))
|
|
||||||
goto leave;
|
|
||||||
|
|
||||||
- /* Now check the integrity of the binary. We do this this after
|
|
||||||
- having checked the HMAC code. */
|
|
||||||
- if (check_binary_integrity ())
|
|
||||||
- goto leave;
|
|
||||||
-
|
|
||||||
/* All selftests passed. */
|
|
||||||
result = STATE_OPERATIONAL;
|
|
||||||
ec = 0;
|
|
||||||
|
|
||||||
leave:
|
|
||||||
- if (fips_mode ())
|
|
||||||
- fips_new_state (result);
|
|
||||||
+ fips_new_state (result);
|
|
||||||
|
|
||||||
return ec;
|
|
||||||
}
|
|
||||||
@@ -797,6 +819,7 @@ fips_new_state (enum module_states new_s
|
|
||||||
{
|
|
||||||
case STATE_POWERON:
|
|
||||||
if (new_state == STATE_INIT
|
|
||||||
+ || new_state == STATE_SELFTEST
|
|
||||||
|| new_state == STATE_ERROR
|
|
||||||
|| new_state == STATE_FATALERROR)
|
|
||||||
ok = 1;
|
|
||||||
@@ -811,6 +834,8 @@ fips_new_state (enum module_states new_s
|
|
||||||
|
|
||||||
case STATE_SELFTEST:
|
|
||||||
if (new_state == STATE_OPERATIONAL
|
|
||||||
+ || new_state == STATE_INIT
|
|
||||||
+ || new_state == STATE_SELFTEST
|
|
||||||
|| new_state == STATE_ERROR
|
|
||||||
|| new_state == STATE_FATALERROR)
|
|
||||||
ok = 1;
|
|
||||||
diff -up libgcrypt-1.8.3/src/global.c.fips-ctor libgcrypt-1.8.3/src/global.c
|
diff -up libgcrypt-1.8.3/src/global.c.fips-ctor libgcrypt-1.8.3/src/global.c
|
||||||
--- libgcrypt-1.8.3/src/global.c.fips-ctor 2017-11-23 19:25:58.000000000 +0100
|
--- libgcrypt-1.8.3/src/global.c.fips-ctor 2017-11-23 19:25:58.000000000 +0100
|
||||||
+++ libgcrypt-1.8.3/src/global.c 2018-07-17 19:15:43.933827112 +0200
|
+++ libgcrypt-1.8.3/src/global.c 2020-04-17 16:29:59.258218015 +0200
|
||||||
@@ -141,6 +141,29 @@ global_init (void)
|
@@ -141,6 +141,34 @@ global_init (void)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -202,25 +13,30 @@ diff -up libgcrypt-1.8.3/src/global.c.fips-ctor libgcrypt-1.8.3/src/global.c
|
|||||||
+{
|
+{
|
||||||
+ int rv;
|
+ int rv;
|
||||||
+
|
+
|
||||||
+ /* We always need the FSM lock to be functional. */
|
|
||||||
+ _gcry_initialize_fsm_lock ();
|
|
||||||
+
|
|
||||||
+ rv = access (FIPS_MODULE_PATH, F_OK);
|
+ rv = access (FIPS_MODULE_PATH, F_OK);
|
||||||
+ if (rv < 0 && errno != ENOENT)
|
+ if (rv < 0 && errno != ENOENT)
|
||||||
+ rv = 0;
|
+ rv = 0;
|
||||||
+
|
+
|
||||||
+ if (!rv)
|
+ if (!rv)
|
||||||
+ {
|
+ {
|
||||||
+ /* We run the integrity check at this point. The remaining
|
+ int no_secmem_save;
|
||||||
+ selftests are run before use of the library by application. */
|
+
|
||||||
|
+ /* it should be always 0 at this point but let's keep on the safe side */
|
||||||
|
+ no_secmem_save = no_secure_memory;
|
||||||
|
+ no_secure_memory = 1;
|
||||||
|
+ /* force selftests */
|
||||||
|
+ global_init();
|
||||||
+ _gcry_fips_run_selftests (0);
|
+ _gcry_fips_run_selftests (0);
|
||||||
|
+ if (!fips_mode())
|
||||||
|
+ _gcry_random_close_fds ();
|
||||||
|
+ no_secure_memory = no_secmem_save;
|
||||||
+ }
|
+ }
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
/* This function is called by the macro fips_is_operational and makes
|
/* This function is called by the macro fips_is_operational and makes
|
||||||
sure that the minimal initialization has been done. This is far
|
sure that the minimal initialization has been done. This is far
|
||||||
from a perfect solution and hides problems with an improper
|
from a perfect solution and hides problems with an improper
|
||||||
@@ -671,8 +694,7 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
|
@@ -671,8 +699,7 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
|
||||||
|
|
||||||
case GCRYCTL_FIPS_MODE_P:
|
case GCRYCTL_FIPS_MODE_P:
|
||||||
if (fips_mode ()
|
if (fips_mode ()
|
||||||
@ -230,7 +46,7 @@ diff -up libgcrypt-1.8.3/src/global.c.fips-ctor libgcrypt-1.8.3/src/global.c
|
|||||||
rc = GPG_ERR_GENERAL; /* Used as TRUE value */
|
rc = GPG_ERR_GENERAL; /* Used as TRUE value */
|
||||||
break;
|
break;
|
||||||
|
|
||||||
@@ -749,9 +771,9 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
|
@@ -749,9 +776,9 @@ _gcry_vcontrol (enum gcry_ctl_cmds cmd,
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case GCRYCTL_SET_ENFORCED_FIPS_FLAG:
|
case GCRYCTL_SET_ENFORCED_FIPS_FLAG:
|
||||||
@ -242,15 +58,3 @@ diff -up libgcrypt-1.8.3/src/global.c.fips-ctor libgcrypt-1.8.3/src/global.c
|
|||||||
_gcry_set_preferred_rng_type (0);
|
_gcry_set_preferred_rng_type (0);
|
||||||
_gcry_set_enforced_fips_mode ();
|
_gcry_set_enforced_fips_mode ();
|
||||||
}
|
}
|
||||||
diff -up libgcrypt-1.8.3/src/g10lib.h.fips-ctor libgcrypt-1.8.3/src/g10lib.h
|
|
||||||
--- libgcrypt-1.8.3/src/g10lib.h.fips-ctor 2017-11-23 19:16:58.000000000 +0100
|
|
||||||
+++ libgcrypt-1.8.3/src/g10lib.h 2018-07-12 13:24:54.089403030 +0200
|
|
||||||
@@ -422,6 +422,8 @@ gpg_err_code_t _gcry_sexp_vextract_param
|
|
||||||
|
|
||||||
/*-- fips.c --*/
|
|
||||||
|
|
||||||
+void _gcry_initialize_fsm_lock (void);
|
|
||||||
+
|
|
||||||
void _gcry_initialize_fips_mode (int force);
|
|
||||||
|
|
||||||
int _gcry_fips_mode (void);
|
|
||||||
|
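Review bot: In the rewritten constructor hunk for src/global.c, the return value of `_gcry_fips_run_selftests (0)` is discarded and no visible line says why. If a failed integrity check is meant to be recorded only in the FIPS state machine and picked up by a later operational check, say so next to the call, for example `/* Result ignored on purpose: a failure is recorded in the FSM state. */`; otherwise the error code needs handling here. The same block sets `no_secure_memory` to 1 around `global_init()` and calls `_gcry_random_close_fds ()` when not in FIPS mode, and the only comment ("force selftests") explains neither; one line of rationale for each would help the next reader judge whether the ordering is safe. The constructor's declaration and the rest of global.c lie outside the hunk, so the FSM behaviour is inferred rather than shown.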
@ -1,101 +0,0 @@
|
|||||||
diff -up libgcrypt-1.8.3/random/random.c.getrandom libgcrypt-1.8.3/random/random.c
|
|
||||||
--- libgcrypt-1.8.3/random/random.c.getrandom 2017-11-23 19:16:58.000000000 +0100
|
|
||||||
+++ libgcrypt-1.8.3/random/random.c 2018-07-10 15:38:34.303855808 +0200
|
|
||||||
@@ -110,8 +110,8 @@ _gcry_random_read_conf (void)
|
|
||||||
unsigned int result = 0;
|
|
||||||
|
|
||||||
fp = fopen (fname, "r");
|
|
||||||
- if (!fp)
|
|
||||||
- return result;
|
|
||||||
+ if (!fp) /* We make only_urandom the default. */
|
|
||||||
+ return RANDOM_CONF_ONLY_URANDOM;
|
|
||||||
|
|
||||||
for (;;)
|
|
||||||
{
|
|
||||||
diff -up libgcrypt-1.8.3/random/random-csprng.c.getrandom libgcrypt-1.8.3/random/random-csprng.c
|
|
||||||
--- libgcrypt-1.8.3/random/random-csprng.c.getrandom 2017-11-23 19:16:58.000000000 +0100
|
|
||||||
+++ libgcrypt-1.8.3/random/random-csprng.c 2018-06-14 16:31:04.731179208 +0200
|
|
||||||
@@ -55,6 +55,10 @@
|
|
||||||
#ifdef __MINGW32__
|
|
||||||
#include <process.h>
|
|
||||||
#endif
|
|
||||||
+#if defined(__linux__) && defined(HAVE_SYSCALL)
|
|
||||||
+# include <sys/syscall.h>
|
|
||||||
+# include <linux/random.h>
|
|
||||||
+#endif
|
|
||||||
#include "g10lib.h"
|
|
||||||
#include "random.h"
|
|
||||||
#include "rand-internal.h"
|
|
||||||
@@ -1116,6 +1120,22 @@ getfnc_gather_random (void))(void (*)(co
|
|
||||||
enum random_origins, size_t, int);
|
|
||||||
|
|
||||||
#if USE_RNDLINUX
|
|
||||||
+#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
|
|
||||||
+ long ret;
|
|
||||||
+ char buffer[1];
|
|
||||||
+
|
|
||||||
+ _gcry_pre_syscall ();
|
|
||||||
+ ret = syscall (__NR_getrandom,
|
|
||||||
+ (void*)buffer, (size_t)1, (unsigned int)GRND_NONBLOCK);
|
|
||||||
+ _gcry_post_syscall ();
|
|
||||||
+ if (ret != -1 || errno != ENOSYS)
|
|
||||||
+ {
|
|
||||||
+ fnc = _gcry_rndlinux_gather_random;
|
|
||||||
+ return fnc;
|
|
||||||
+ }
|
|
||||||
+ else
|
|
||||||
+ /* The syscall is not supported - fallback to /dev/urandom. */
|
|
||||||
+#endif
|
|
||||||
if ( !access (NAME_OF_DEV_RANDOM, R_OK)
|
|
||||||
&& !access (NAME_OF_DEV_URANDOM, R_OK))
|
|
||||||
{
|
|
||||||
diff -up libgcrypt-1.8.3/random/rndlinux.c.getrandom libgcrypt-1.8.3/random/rndlinux.c
|
|
||||||
--- libgcrypt-1.8.3/random/rndlinux.c.getrandom 2018-06-14 16:31:04.722178971 +0200
|
|
||||||
+++ libgcrypt-1.8.3/random/rndlinux.c 2018-07-10 15:55:03.301075155 +0200
|
|
||||||
@@ -35,6 +35,7 @@
|
|
||||||
#include <poll.h>
|
|
||||||
#if defined(__linux__) && defined(HAVE_SYSCALL)
|
|
||||||
# include <sys/syscall.h>
|
|
||||||
+# include <linux/random.h>
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#include "types.h"
|
|
||||||
@@ -204,6 +205,18 @@ _gcry_rndlinux_gather_random (void (*add
|
|
||||||
{
|
|
||||||
if (fd_urandom == -1)
|
|
||||||
{
|
|
||||||
+#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
|
|
||||||
+ long ret;
|
|
||||||
+
|
|
||||||
+ _gcry_pre_syscall ();
|
|
||||||
+ ret = syscall (__NR_getrandom,
|
|
||||||
+ (void*)buffer, (size_t)1, (unsigned int)GRND_NONBLOCK);
|
|
||||||
+ _gcry_post_syscall ();
|
|
||||||
+ if (ret > -1 || errno == EAGAIN || errno == EINTR)
|
|
||||||
+ fd_urandom = -2;
|
|
||||||
+ else
|
|
||||||
+ /* The syscall is not supported - fallback to /dev/urandom. */
|
|
||||||
+#endif
|
|
||||||
fd_urandom = open_device (NAME_OF_DEV_URANDOM, (ever_opened & 2));
|
|
||||||
ever_opened |= 2;
|
|
||||||
}
|
|
||||||
@@ -230,7 +243,7 @@ _gcry_rndlinux_gather_random (void (*add
|
|
||||||
* syscall and not a new device and thus we are not able to use
|
|
||||||
* select(2) to have a timeout. */
|
|
||||||
#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
|
|
||||||
- if (fd == fd_urandom)
|
|
||||||
+ if (fd == -2)
|
|
||||||
{
|
|
||||||
long ret;
|
|
||||||
size_t nbytes;
|
|
||||||
@@ -246,9 +259,7 @@ _gcry_rndlinux_gather_random (void (*add
|
|
||||||
_gcry_post_syscall ();
|
|
||||||
}
|
|
||||||
while (ret == -1 && errno == EINTR);
|
|
||||||
- if (ret == -1 && errno == ENOSYS)
|
|
||||||
- ; /* The syscall is not supported - fallback to /dev/urandom. */
|
|
||||||
- else
|
|
||||||
+ if (1)
|
|
||||||
{ /* The syscall is supported. Some sanity checks. */
|
|
||||||
if (ret == -1)
|
|
||||||
log_fatal ("unexpected error from getrandom: %s\n",
|
|
@ -1,12 +1,18 @@
|
|||||||
diff -up libgcrypt-1.8.3/cipher/md.c.fips-enforce libgcrypt-1.8.3/cipher/md.c
|
diff -up libgcrypt-1.8.3/cipher/md.c.fips-enforce libgcrypt-1.8.3/cipher/md.c
|
||||||
--- libgcrypt-1.8.3/cipher/md.c.fips-enforce 2018-11-01 15:40:36.051865535 +0100
|
--- libgcrypt-1.8.3/cipher/md.c.fips-enforce 2017-11-23 19:16:58.000000000 +0100
|
||||||
+++ libgcrypt-1.8.3/cipher/md.c 2019-06-03 11:50:21.435401753 +0200
|
+++ libgcrypt-1.8.3/cipher/md.c 2020-04-17 15:07:31.364945130 +0200
|
||||||
@@ -409,7 +409,7 @@ md_enable (gcry_md_hd_t hd, int algorith
|
@@ -409,13 +409,10 @@ md_enable (gcry_md_hd_t hd, int algorith
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
- if (!err && algorithm == GCRY_MD_MD5 && fips_mode ())
|
- if (!err && algorithm == GCRY_MD_MD5 && fips_mode ())
|
||||||
+ if (!err && !spec->flags.fips && fips_mode ())
|
+ if (!err && !spec->flags.fips && fips_mode ())
|
||||||
{
|
{
|
||||||
|
- _gcry_inactivate_fips_mode ("MD5 used");
|
||||||
if (_gcry_enforced_fips_mode () )
|
if (_gcry_enforced_fips_mode () )
|
||||||
{
|
{
|
||||||
|
- /* We should never get to here because we do not register
|
||||||
|
- MD5 in enforced fips mode. But better throw an error. */
|
||||||
|
err = GPG_ERR_DIGEST_ALGO;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
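Review bot: With `_gcry_inactivate_fips_mode ("MD5 used")` dropped from the md_enable hunk, the outer test `!spec->flags.fips && fips_mode ()` only has an effect when `_gcry_enforced_fips_mode ()` is also true. In non-enforced FIPS mode, a digest without the fips flag is now enabled with no error and no state change. If that is the intended policy, fold the nesting into one condition, `if (!err && !spec->flags.fips && fips_mode () && _gcry_enforced_fips_mode ())`, and add a comment stating that non-approved digests are deliberately permitted outside enforced mode. If it is not intended, the non-enforced path needs to reject the algorithm or record its use. md_enable starts and ends outside the hunk, so how `spec` is looked up is not visible here.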
65
SOURCES/libgcrypt-1.8.4-fips-keygen.patch
Normal file
65
SOURCES/libgcrypt-1.8.4-fips-keygen.patch
Normal file
@ -0,0 +1,65 @@
|
|||||||
|
diff -up libgcrypt-1.8.4/cipher/dsa.c.fips-keygen libgcrypt-1.8.4/cipher/dsa.c
|
||||||
|
--- libgcrypt-1.8.4/cipher/dsa.c.fips-keygen 2017-11-23 19:16:58.000000000 +0100
|
||||||
|
+++ libgcrypt-1.8.4/cipher/dsa.c 2019-02-12 14:29:25.629513989 +0100
|
||||||
|
@@ -457,11 +457,22 @@ generate_fips186 (DSA_secret_key *sk, un
|
||||||
|
&prime_q, &prime_p,
|
||||||
|
r_counter,
|
||||||
|
r_seed, r_seedlen);
|
||||||
|
- else
|
||||||
|
- ec = _gcry_generate_fips186_3_prime (nbits, qbits, NULL, 0,
|
||||||
|
+ else if (!domain->p || !domain->q)
|
||||||
|
+ ec = _gcry_generate_fips186_3_prime (nbits, qbits,
|
||||||
|
+ initial_seed.seed,
|
||||||
|
+ initial_seed.seedlen,
|
||||||
|
&prime_q, &prime_p,
|
||||||
|
r_counter,
|
||||||
|
r_seed, r_seedlen, NULL);
|
||||||
|
+ else
|
||||||
|
+ {
|
||||||
|
+ /* Domain parameters p and q are given; use them. */
|
||||||
|
+ prime_p = mpi_copy (domain->p);
|
||||||
|
+ prime_q = mpi_copy (domain->q);
|
||||||
|
+ gcry_assert (mpi_get_nbits (prime_p) == nbits);
|
||||||
|
+ gcry_assert (mpi_get_nbits (prime_q) == qbits);
|
||||||
|
+ ec = 0;
|
||||||
|
+ }
|
||||||
|
sexp_release (initial_seed.sexp);
|
||||||
|
if (ec)
|
||||||
|
goto leave;
|
||||||
|
@@ -855,13 +866,12 @@ dsa_generate (const gcry_sexp_t genparms
|
||||||
|
sexp_release (l1);
|
||||||
|
sexp_release (domainsexp);
|
||||||
|
|
||||||
|
- /* Check that all domain parameters are available. */
|
||||||
|
- if (!domain.p || !domain.q || !domain.g)
|
||||||
|
+ /* Check that p and q domain parameters are available. */
|
||||||
|
+ if (!domain.p || !domain.q || (!domain.g && !(flags & PUBKEY_FLAG_USE_FIPS186)))
|
||||||
|
{
|
||||||
|
_gcry_mpi_release (domain.p);
|
||||||
|
_gcry_mpi_release (domain.q);
|
||||||
|
_gcry_mpi_release (domain.g);
|
||||||
|
- sexp_release (deriveparms);
|
||||||
|
return GPG_ERR_MISSING_VALUE;
|
||||||
|
}
|
||||||
|
|
||||||
|
diff -up libgcrypt-1.8.4/cipher/rsa.c.fips-keygen libgcrypt-1.8.4/cipher/rsa.c
|
||||||
|
--- libgcrypt-1.8.4/cipher/rsa.c.fips-keygen 2017-11-23 19:16:58.000000000 +0100
|
||||||
|
+++ libgcrypt-1.8.4/cipher/rsa.c 2019-02-12 14:29:25.630513971 +0100
|
||||||
|
@@ -389,7 +389,7 @@ generate_fips (RSA_secret_key *sk, unsig
|
||||||
|
|
||||||
|
if (nbits < 1024 || (nbits & 0x1FF))
|
||||||
|
return GPG_ERR_INV_VALUE;
|
||||||
|
- if (_gcry_enforced_fips_mode() && nbits != 2048 && nbits != 3072)
|
||||||
|
+ if (fips_mode() && nbits < 2048)
|
||||||
|
return GPG_ERR_INV_VALUE;
|
||||||
|
|
||||||
|
/* The random quality depends on the transient_key flag. */
|
||||||
|
@@ -696,7 +696,7 @@ generate_x931 (RSA_secret_key *sk, unsig
|
||||||
|
|
||||||
|
*swapped = 0;
|
||||||
|
|
||||||
|
- if (e_value == 1) /* Alias for a secure value. */
|
||||||
|
+ if (e_value == 1 || e_value == 0) /* Alias for a secure value. */
|
||||||
|
e_value = 65537;
|
||||||
|
|
||||||
|
/* Point 1 of section 4.1: k = 1024 + 256s with S >= 0 */
|
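Review bot: In the generate_fips186 hunk, caller-supplied domain parameters are checked with `gcry_assert (mpi_get_nbits (prime_p) == nbits)` and the matching assert on `prime_q`, so a domain whose sizes differ from the requested nbits/qbits aborts the process instead of failing key generation. Unless the sizes are validated earlier in a part of the function this hunk does not show, report the mismatch through the existing `ec` path: `ec = (mpi_get_nbits (prime_p) != nbits || mpi_get_nbits (prime_q) != qbits) ? GPG_ERR_INV_VALUE : 0;`. The `if (ec) goto leave;` that follows would then handle it. Confirm that the `leave` label releases `prime_p` and `prime_q`, since that code is outside the hunk. The results of the two `mpi_copy` calls are also used unchecked.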
184
SOURCES/libgcrypt-1.8.4-tests-fipsmode.patch
Normal file
184
SOURCES/libgcrypt-1.8.4-tests-fipsmode.patch
Normal file
@ -0,0 +1,184 @@
|
|||||||
|
diff -up libgcrypt-1.8.4/tests/basic.c.tests-fipsmode libgcrypt-1.8.4/tests/basic.c
|
||||||
|
--- libgcrypt-1.8.4/tests/basic.c.tests-fipsmode 2018-04-17 17:29:40.000000000 +0200
|
||||||
|
+++ libgcrypt-1.8.4/tests/basic.c 2019-02-12 13:30:48.935791024 +0100
|
||||||
|
@@ -6964,7 +6964,7 @@ check_ciphers (void)
|
||||||
|
check_one_cipher (algos[i], GCRY_CIPHER_MODE_CTR, 0);
|
||||||
|
if (gcry_cipher_get_algo_blklen (algos[i]) == GCRY_CCM_BLOCK_LEN)
|
||||||
|
check_one_cipher (algos[i], GCRY_CIPHER_MODE_CCM, 0);
|
||||||
|
- if (gcry_cipher_get_algo_blklen (algos[i]) == GCRY_GCM_BLOCK_LEN)
|
||||||
|
+ if (!in_fips_mode && gcry_cipher_get_algo_blklen (algos[i]) == GCRY_GCM_BLOCK_LEN)
|
||||||
|
check_one_cipher (algos[i], GCRY_CIPHER_MODE_GCM, 0);
|
||||||
|
if (gcry_cipher_get_algo_blklen (algos[i]) == GCRY_OCB_BLOCK_LEN)
|
||||||
|
check_one_cipher (algos[i], GCRY_CIPHER_MODE_OCB, 0);
|
||||||
|
@@ -7010,11 +7010,17 @@ check_cipher_modes(void)
|
||||||
|
check_cfb_cipher ();
|
||||||
|
check_ofb_cipher ();
|
||||||
|
check_ccm_cipher ();
|
||||||
|
- check_gcm_cipher ();
|
||||||
|
- check_poly1305_cipher ();
|
||||||
|
- check_ocb_cipher ();
|
||||||
|
+ if (!in_fips_mode)
|
||||||
|
+ {
|
||||||
|
+ check_gcm_cipher ();
|
||||||
|
+ check_poly1305_cipher ();
|
||||||
|
+ check_ocb_cipher ();
|
||||||
|
+ }
|
||||||
|
check_xts_cipher ();
|
||||||
|
- check_gost28147_cipher ();
|
||||||
|
+ if (!in_fips_mode)
|
||||||
|
+ {
|
||||||
|
+ check_gost28147_cipher ();
|
||||||
|
+ }
|
||||||
|
check_stream_cipher ();
|
||||||
|
check_stream_cipher_large_block ();
|
||||||
|
|
||||||
|
@@ -10001,7 +10007,7 @@ check_mac (void)
|
||||||
|
show_mac_not_available (algos[i].algo);
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
- if (gcry_mac_test_algo (algos[i].algo) && in_fips_mode)
|
||||||
|
+ if ((algos[i].algo == GCRY_MAC_GMAC_AES || gcry_mac_test_algo (algos[i].algo)) && in_fips_mode)
|
||||||
|
{
|
||||||
|
if (verbose)
|
||||||
|
fprintf (stderr, " algorithm %d not available in fips mode\n",
|
||||||
|
@@ -11095,8 +11101,6 @@ main (int argc, char **argv)
|
||||||
|
/* If we are in fips mode do some more tests. */
|
||||||
|
gcry_md_hd_t md;
|
||||||
|
|
||||||
|
- /* First trigger a self-test. */
|
||||||
|
- xgcry_control (GCRYCTL_FORCE_FIPS_MODE, 0);
|
||||||
|
if (!gcry_control (GCRYCTL_OPERATIONAL_P, 0))
|
||||||
|
fail ("not in operational state after self-test\n");
|
||||||
|
|
||||||
|
@@ -11121,15 +11125,6 @@ main (int argc, char **argv)
|
||||||
|
gcry_md_close (md);
|
||||||
|
if (gcry_control (GCRYCTL_OPERATIONAL_P, 0))
|
||||||
|
fail ("expected error state but still in operational state\n");
|
||||||
|
- else
|
||||||
|
- {
|
||||||
|
- /* Now run a self-test and to get back into
|
||||||
|
- operational state. */
|
||||||
|
- xgcry_control (GCRYCTL_FORCE_FIPS_MODE, 0);
|
||||||
|
- if (!gcry_control (GCRYCTL_OPERATIONAL_P, 0))
|
||||||
|
- fail ("did not reach operational after error "
|
||||||
|
- "and self-test\n");
|
||||||
|
- }
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
diff -up libgcrypt-1.8.4/tests/benchmark.c.tests-fipsmode libgcrypt-1.8.4/tests/benchmark.c
|
||||||
|
--- libgcrypt-1.8.4/tests/benchmark.c.tests-fipsmode 2019-02-12 11:31:44.859603883 +0100
|
||||||
|
+++ libgcrypt-1.8.4/tests/benchmark.c 2019-02-12 14:10:40.271999352 +0100
|
||||||
|
@@ -872,8 +872,10 @@ cipher_bench ( const char *algoname )
|
||||||
|
|| (blklen == 1 && modes[modeidx].mode != GCRY_CIPHER_MODE_STREAM))
|
||||||
|
continue;
|
||||||
|
|
||||||
|
- if (modes[modeidx].req_blocksize > 0
|
||||||
|
- && blklen != modes[modeidx].req_blocksize)
|
||||||
|
+ if ((modes[modeidx].req_blocksize > 0
|
||||||
|
+ && blklen != modes[modeidx].req_blocksize)
|
||||||
|
+ || (in_fips_mode
|
||||||
|
+ && modes[modeidx].mode == GCRY_CIPHER_MODE_GCM))
|
||||||
|
{
|
||||||
|
printf (" %7s %7s", "-", "-" );
|
||||||
|
continue;
|
||||||
|
diff -up libgcrypt-1.8.4/tests/bench-slope.c.tests-fipsmode libgcrypt-1.8.4/tests/bench-slope.c
|
||||||
|
--- libgcrypt-1.8.4/tests/bench-slope.c.tests-fipsmode 2017-11-23 19:16:58.000000000 +0100
|
||||||
|
+++ libgcrypt-1.8.4/tests/bench-slope.c 2019-02-12 14:14:33.618763325 +0100
|
||||||
|
@@ -1338,7 +1338,7 @@ cipher_bench_one (int algo, struct bench
|
||||||
|
return;
|
||||||
|
|
||||||
|
/* GCM has restrictions for block-size */
|
||||||
|
- if (mode.mode == GCRY_CIPHER_MODE_GCM && blklen != GCRY_GCM_BLOCK_LEN)
|
||||||
|
+ if (mode.mode == GCRY_CIPHER_MODE_GCM && (gcry_fips_mode_active () || blklen != GCRY_GCM_BLOCK_LEN))
|
||||||
|
return;
|
||||||
|
|
||||||
|
/* XTS has restrictions for block-size */
|
||||||
|
diff -up libgcrypt-1.8.4/tests/pubkey.c.tests-fipsmode libgcrypt-1.8.4/tests/pubkey.c
|
||||||
|
--- libgcrypt-1.8.4/tests/pubkey.c.tests-fipsmode 2017-11-23 19:16:58.000000000 +0100
|
||||||
|
+++ libgcrypt-1.8.4/tests/pubkey.c 2019-02-12 13:52:25.658746415 +0100
|
||||||
|
@@ -504,15 +504,30 @@ get_dsa_key_with_domain_new (gcry_sexp_t
|
||||||
|
rc = gcry_sexp_new
|
||||||
|
(&key_spec,
|
||||||
|
"(genkey (dsa (transient-key)(domain"
|
||||||
|
- "(p #d3aed1876054db831d0c1348fbb1ada72507e5fbf9a62cbd47a63aeb7859d6921"
|
||||||
|
- "4adeb9146a6ec3f43520f0fd8e3125dd8bbc5d87405d1ac5f82073cd762a3f8d7"
|
||||||
|
- "74322657c9da88a7d2f0e1a9ceb84a39cb40876179e6a76e400498de4bb9379b0"
|
||||||
|
- "5f5feb7b91eb8fea97ee17a955a0a8a37587a272c4719d6feb6b54ba4ab69#)"
|
||||||
|
- "(q #9c916d121de9a03f71fb21bc2e1c0d116f065a4f#)"
|
||||||
|
- "(g #8157c5f68ca40b3ded11c353327ab9b8af3e186dd2e8dade98761a0996dda99ab"
|
||||||
|
- "0250d3409063ad99efae48b10c6ab2bba3ea9a67b12b911a372a2bba260176fad"
|
||||||
|
- "b4b93247d9712aad13aa70216c55da9858f7a298deb670a403eb1e7c91b847f1e"
|
||||||
|
- "ccfbd14bd806fd42cf45dbb69cd6d6b43add2a78f7d16928eaa04458dea44#)"
|
||||||
|
+ " (p #a85378d8fd3f8d72ec7418080da21317e43ec4b62ba8c862"
|
||||||
|
+ " 3b7e4d04441dd1a0658662596493ca8e9e8fbb7e34aaddb6"
|
||||||
|
+ " 2e5d67b6d09a6e61b769e7c352aa2b10e20ca0636963b552"
|
||||||
|
+ " 3e86470decbbeda027e797e7b67635d4d49c30700e74af8a"
|
||||||
|
+ " 0ff156a801af57a26e7078f1d82f74908ecb6d07e70b3503"
|
||||||
|
+ " eed94fa32cf17a7fc3d6cf40dc7b00830e6a2566dc073e34"
|
||||||
|
+ " 3312517c6aa5152b4bfecd2e551fee346318a153423c996b"
|
||||||
|
+ " 0d5dcb9102aedd38798616f1f1e0d6c403525b1f9b3d4dc7"
|
||||||
|
+ " 66de2dfc4a56d7b8ba5963d60f3e16318870ad436952e557"
|
||||||
|
+ " 65374eab85e8ec17d6b9a4547b9b5f2752f3105be809b23a"
|
||||||
|
+ " 2c8d7469db02e24d592394a7dba069e9#)"
|
||||||
|
+ " (q #d277044e50f5a4e3f510a50a0b84fdffbca047ed27602056"
|
||||||
|
+ " 7441a0a5#)"
|
||||||
|
+ " (g #13d754e21fd241655da891c522a65a72a89bdc64ec9b54a8"
|
||||||
|
+ " 21ed4a898b490e0c4fcb72192a4a20f541f3f2925399f0ba"
|
||||||
|
+ " ecf929aafbf79dfe4332393b32cd2e2fcf272f32a627434a"
|
||||||
|
+ " 0df242b75b414df372121e53a553f222f836b000f016485b"
|
||||||
|
+ " 6bd0898451801dcd8de64cd5365696ffc532d528c506620a"
|
||||||
|
+ " 942a0305046d8f1876341f1e570bc3974ba6b9a438e97023"
|
||||||
|
+ " 02a2e6e67bfd06d32bc679962271d7b40cd72f386e64e0d7"
|
||||||
|
+ " ef86ca8ca5d14228dc2a4f16e3189886b5990674f4200f3a"
|
||||||
|
+ " 4cf65a3f0ddba1fa672dff2f5e143d10e4e97ae84f6da095"
|
||||||
|
+ " 35d5b9df259181a79b63b069e949972b02ba36b3586aab7e"
|
||||||
|
+ " 45f322f82e4e85ca3ab85591b3c2a966#)"
|
||||||
|
")))", 0, 1);
|
||||||
|
if (rc)
|
||||||
|
die ("error creating S-expression: %s\n", gcry_strerror (rc));
|
||||||
|
@@ -595,7 +610,7 @@ get_dsa_key_fips186_with_seed_new (gcry_
|
||||||
|
" (use-fips186)"
|
||||||
|
" (transient-key)"
|
||||||
|
" (derive-parms"
|
||||||
|
- " (seed #0cb1990c1fd3626055d7a0096f8fa99807399871#))))",
|
||||||
|
+ " (seed #8b4c4d671fff82e8ed932260206d0571e3a1c2cee8cd94cb73fe58f9b67488fa#))))",
|
||||||
|
0, 1);
|
||||||
|
if (rc)
|
||||||
|
die ("error creating S-expression: %s\n", gcry_strerror (rc));
|
||||||
|
diff -up libgcrypt-1.8.4/tests/t-cv25519.c.tests-fipsmode libgcrypt-1.8.4/tests/t-cv25519.c
|
||||||
|
--- libgcrypt-1.8.4/tests/t-cv25519.c.tests-fipsmode 2017-11-23 19:16:58.000000000 +0100
|
||||||
|
+++ libgcrypt-1.8.4/tests/t-cv25519.c 2019-02-12 14:02:35.935705390 +0100
|
||||||
|
@@ -560,6 +560,9 @@ main (int argc, char **argv)
|
||||||
|
xgcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0);
|
||||||
|
xgcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
|
||||||
|
xgcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
|
||||||
|
+ /* Curve25519 isn't supported in fips mode */
|
||||||
|
+ if (gcry_fips_mode_active())
|
||||||
|
+ return 77;
|
||||||
|
|
||||||
|
start_timer ();
|
||||||
|
check_cv25519 ();
|
||||||
|
diff -up libgcrypt-1.8.4/tests/t-secmem.c.tests-fipsmode libgcrypt-1.8.4/tests/t-secmem.c
|
||||||
|
--- libgcrypt-1.8.4/tests/t-secmem.c.tests-fipsmode 2017-11-23 19:19:54.000000000 +0100
|
||||||
|
+++ libgcrypt-1.8.4/tests/t-secmem.c 2019-02-12 11:51:02.462190538 +0100
|
||||||
|
@@ -174,7 +174,8 @@ main (int argc, char **argv)
|
||||||
|
xgcry_control (GCRYCTL_SET_DEBUG_FLAGS, 1u , 0);
|
||||||
|
xgcry_control (GCRYCTL_ENABLE_QUICK_RANDOM, 0);
|
||||||
|
xgcry_control (GCRYCTL_INIT_SECMEM, pool_size, 0);
|
||||||
|
- gcry_set_outofcore_handler (outofcore_handler, NULL);
|
||||||
|
+ if (!gcry_fips_mode_active ())
|
||||||
|
+ gcry_set_outofcore_handler (outofcore_handler, NULL);
|
||||||
|
xgcry_control (GCRYCTL_INITIALIZATION_FINISHED, 0);
|
||||||
|
|
||||||
|
/* Libgcrypt prints a warning when the first overflow is allocated;
|
||||||
|
@@ -184,7 +185,8 @@ main (int argc, char **argv)
|
||||||
|
|
||||||
|
|
||||||
|
test_secmem ();
|
||||||
|
- test_secmem_overflow ();
|
||||||
|
+ if (!gcry_fips_mode_active ())
|
||||||
|
+ test_secmem_overflow ();
|
||||||
|
/* FIXME: We need to improve the tests, for example by registering
|
||||||
|
* our own log handler and comparing the output of
|
||||||
|
* PRIV_CTL_DUMP_SECMEM_STATS to expected pattern. */
|
@ -1,6 +1,6 @@
|
|||||||
diff -up libgcrypt-1.8.0/random/rndlinux.c.use-poll libgcrypt-1.8.0/random/rndlinux.c
|
diff -up libgcrypt-1.8.4/random/rndlinux.c.use-poll libgcrypt-1.8.4/random/rndlinux.c
|
||||||
--- libgcrypt-1.8.0/random/rndlinux.c.use-poll 2017-06-24 13:34:29.000000000 +0200
|
--- libgcrypt-1.8.4/random/rndlinux.c.use-poll 2018-10-26 13:50:20.000000000 +0200
|
||||||
+++ libgcrypt-1.8.0/random/rndlinux.c 2017-08-15 15:37:37.604629377 +0200
|
+++ libgcrypt-1.8.4/random/rndlinux.c 2018-11-20 15:51:56.760669058 +0100
|
||||||
@@ -32,6 +32,7 @@
|
@@ -32,6 +32,7 @@
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
@ -9,7 +9,7 @@ diff -up libgcrypt-1.8.0/random/rndlinux.c.use-poll libgcrypt-1.8.0/random/rndli
|
|||||||
#if defined(__linux__) && defined(HAVE_SYSCALL)
|
#if defined(__linux__) && defined(HAVE_SYSCALL)
|
||||||
# include <sys/syscall.h>
|
# include <sys/syscall.h>
|
||||||
#endif
|
#endif
|
||||||
@@ -216,9 +217,8 @@ _gcry_rndlinux_gather_random (void (*add
|
@@ -241,9 +242,8 @@ _gcry_rndlinux_gather_random (void (*add
|
||||||
return with something we will actually use 100ms. */
|
return with something we will actually use 100ms. */
|
||||||
while (length)
|
while (length)
|
||||||
{
|
{
|
||||||
@ -18,9 +18,9 @@ diff -up libgcrypt-1.8.0/random/rndlinux.c.use-poll libgcrypt-1.8.0/random/rndli
|
|||||||
int rc;
|
int rc;
|
||||||
+ struct pollfd pfd;
|
+ struct pollfd pfd;
|
||||||
|
|
||||||
/* If we have a modern Linux kernel and we want to read from the
|
/* If we have a modern Linux kernel, we first try to use the new
|
||||||
* the non-blocking /dev/urandom, we first try to use the new
|
* getrandom syscall. That call guarantees that the kernel's
|
||||||
@@ -276,36 +276,25 @@ _gcry_rndlinux_gather_random (void (*add
|
@@ -300,36 +300,25 @@ _gcry_rndlinux_gather_random (void (*add
|
||||||
any_need_entropy = 1;
|
any_need_entropy = 1;
|
||||||
}
|
}
|
||||||
|
|
8156
SOURCES/libgcrypt-1.8.5-aes-perf.patch
Normal file
File diff suppressed because it is too large
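--- a/SOURCES/libgcrypt-1.8.5-build.patch
+++ b/SOURCES/libgcrypt-1.8.5-build.patch
@@ -0,0 +1,14 @@
+diff -up libgcrypt-1.8.5/cipher/poly1305-armv7-neon.S.build libgcrypt-1.8.5/cipher/poly1305-armv7-neon.S
+--- libgcrypt-1.8.5/cipher/poly1305-armv7-neon.S.build 2017-11-23 19:16:58.000000000 +0100
++++ libgcrypt-1.8.5/cipher/poly1305-armv7-neon.S 2020-01-30 17:26:12.026404286 +0100
+@@ -87,9 +87,8 @@ _gcry_poly1305_armv7_neon_init_ext:
+.Lpoly1305_init_ext_neon_local:
+stmfd sp!, {r4-r11, lr}
+sub sp, sp, #32
+- mov r14, r2
++ mov r14, #-1
+and r2, r2, r2
+- moveq r14, #-1
+UNALIGNED_LDMIA4(r1, r2, r3, r4, r5)
+GET_DATA_POINTER(r7,.Lpoly1305_init_constants_neon,r8)
+mov r6, r2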
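Review bot: With `mov r14, #-1` now unconditional, the `and r2, r2, r2` that follows no longer precedes a conditional move and looks like a leftover; either drop it or say why it stays. The value in r2 was previously copied to r14 and is now ignored, which is a behaviour change in a Poly1305 init routine that the patch name (`build`) does not suggest. I would add a comment at the `mov`, for example `/* value passed in r2 is ignored; r14 is always -1 */`. What r2 carries is inferred from the removed `mov r14, r2` / `moveq r14, #-1` pair, and the routine continues past the last visible line.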
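--- a/SOURCES/libgcrypt-1.8.5-fips-module.patch
+++ b/SOURCES/libgcrypt-1.8.5-fips-module.patch
@@ -0,0 +1,139 @@
+diff -up libgcrypt-1.8.5/src/fips.c.fips-module libgcrypt-1.8.5/src/fips.c
+--- libgcrypt-1.8.5/src/fips.c.fips-module 2020-04-20 19:07:45.924919645 +0200
++++ libgcrypt-1.8.5/src/fips.c 2020-04-20 19:10:33.690722470 +0200
+@@ -35,10 +35,6 @@
+#include "hmac256.h"
+
+
+-/* The name of the file used to force libgcrypt into fips mode. */
+-#define FIPS_FORCE_FILE "/etc/gcrypt/fips_enabled"
+-
+-
+/* The states of the finite state machine used in fips mode. */
+enum module_states
+{
+@@ -122,54 +118,6 @@ _gcry_initialize_fips_mode (int force)
+goto leave;
+}
+
+- /* For testing the system it is useful to override the system
+- provided detection of the FIPS mode and force FIPS mode using a
+- file. The filename is hardwired so that there won't be any
+- confusion on whether /etc/gcrypt/ or /usr/local/etc/gcrypt/ is
+- actually used. The file itself may be empty. */
+- if ( !access (FIPS_FORCE_FILE, F_OK) )
+- {
+- gcry_assert (!no_fips_mode_required);
+- goto leave;
+- }
+-
+- /* Checking based on /proc file properties. */
+- {
+- static const char procfname[] = "/proc/sys/crypto/fips_enabled";
+- FILE *fp;
+- int saved_errno;
+-
+- fp = fopen (procfname, "r");
+- if (fp)
+- {
+- char line[256];
+-
+- if (fgets (line, sizeof line, fp) && atoi (line))
+- {
+- /* System is in fips mode. */
+- fclose (fp);
+- gcry_assert (!no_fips_mode_required);
+- goto leave;
+- }
+- fclose (fp);
+- }
+- else if ((saved_errno = errno) != ENOENT
+- && saved_errno != EACCES
+- && !access ("/proc/version", F_OK) )
+- {
+- /* Problem reading the fips file despite that we have the proc
+- file system. We better stop right away. */
+- log_info ("FATAL: error reading `%s' in libgcrypt: %s\n",
+- procfname, strerror (saved_errno));
+-#ifdef HAVE_SYSLOG
+- syslog (LOG_USER|LOG_ERR, "Libgcrypt error: "
+- "reading `%s' failed: %s - abort",
+- procfname, strerror (saved_errno));
+-#endif /*HAVE_SYSLOG*/
+- abort ();
+- }
+- }
+-
+/* Fips not not requested, set flag. */
+no_fips_mode_required = 1;
+
+diff -up libgcrypt-1.8.5/src/g10lib.h.fips-module libgcrypt-1.8.5/src/g10lib.h
+--- libgcrypt-1.8.5/src/g10lib.h.fips-module 2020-04-20 19:07:45.918919759 +0200
++++ libgcrypt-1.8.5/src/g10lib.h 2020-04-20 19:11:05.003125740 +0200
+@@ -422,6 +422,9 @@ gpg_err_code_t _gcry_sexp_vextract_param
+
+/*-- fips.c --*/
+
++/* The name of the file used to force libgcrypt into fips mode. */
++#define FIPS_FORCE_FILE "/etc/gcrypt/fips_enabled"
++
+void _gcry_initialize_fips_mode (int force);
+
+int _gcry_fips_mode (void);
+diff -up libgcrypt-1.8.5/src/global.c.fips-module libgcrypt-1.8.5/src/global.c
+--- libgcrypt-1.8.5/src/global.c.fips-module 2020-04-20 19:07:45.919919741 +0200
++++ libgcrypt-1.8.5/src/global.c 2020-04-20 19:07:45.950919149 +0200
+@@ -160,6 +160,53 @@ void __attribute__ ((constructor)) _gcry
+rv = access (FIPS_MODULE_PATH, F_OK);
+if (rv < 0 && errno != ENOENT)
+rv = 0;
++
++ /* For testing the system it is useful to override the system
++ provided detection of the FIPS mode and force FIPS mode using a
++ file. The filename is hardwired so that there won't be any
++ confusion on whether /etc/gcrypt/ or /usr/local/etc/gcrypt/ is
++ actually used. The file itself may be empty. */
++ if ( !access (FIPS_FORCE_FILE, F_OK) )
++ {
++ rv = 0;
++ force_fips_mode = 1;
++ }
++
++ /* Checking based on /proc file properties. */
++ {
++ static const char procfname[] = "/proc/sys/crypto/fips_enabled";
++ FILE *fp;
++ int saved_errno;
++
++ fp = fopen (procfname, "r");
++ if (fp)
++ {
++ char line[256];
++
++ if (fgets (line, sizeof line, fp) && atoi (line))
++ {
++ /* System is in fips mode. */
++ rv = 0;
++ force_fips_mode = 1;
++ }
++ fclose (fp);
++ }
++ else if ((saved_errno = errno) != ENOENT
++ && saved_errno != EACCES
++ && !access ("/proc/version", F_OK) )
++ {
++ /* Problem reading the fips file despite that we have the proc
++ file system. We better stop right away. */
++ log_info ("FATAL: error reading `%s' in libgcrypt: %s\n",
++ procfname, strerror (saved_errno));
++#ifdef HAVE_SYSLOG
++ syslog (LOG_USER|LOG_ERR, "Libgcrypt error: "
++ "reading `%s' failed: %s - abort",
++ procfname, strerror (saved_errno));
++#endif /*HAVE_SYSLOG*/
++ abort ();
++ }
++ }
+
+if (!rv)
+{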
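Review bot: In the global.c hunk the `/proc/sys/crypto/fips_enabled` probe now runs inside the `__attribute__ ((constructor))` function, and it treats an `fopen` failure with `ENOENT` or `EACCES`, or a failed `fgets`, as "FIPS not requested" without leaving any trace. As far as these hunks show, a process that is denied read access to that file on a host with the kernel flag set would load the library without `force_fips_mode`. I would state that policy in a comment, for example `/* ENOENT, EACCES or an unreadable line: treated as non-FIPS; any other error aborts */`, and consider logging the `EACCES` case. `atoi (line)` reports no parse errors, so `strtol` with an end-pointer check would make the parse explicit. The constructor starts and ends outside the hunk, so the declaration of `force_fips_mode` and the header that provides `syslog` in global.c cannot be confirmed from here.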
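--- a/SOURCES/libgcrypt-1.8.5-getrandom.patch
+++ b/SOURCES/libgcrypt-1.8.5-getrandom.patch
@@ -0,0 +1,285 @@
+diff -up libgcrypt-1.8.5/random/rand-internal.h.getrandom libgcrypt-1.8.5/random/rand-internal.h
+--- libgcrypt-1.8.5/random/rand-internal.h.getrandom 2017-11-23 19:16:58.000000000 +0100
++++ libgcrypt-1.8.5/random/rand-internal.h 2020-04-20 14:55:34.875949624 +0200
+@@ -47,6 +47,7 @@ void _gcry_random_progress (const char *
+
+/*-- random-csprng.c --*/
+void _gcry_rngcsprng_initialize (int full);
++void _gcry_rngcsprng_deinit (void);
+void _gcry_rngcsprng_close_fds (void);
+void _gcry_rngcsprng_dump_stats (void);
+void _gcry_rngcsprng_secure_alloc (void);
+@@ -68,6 +69,7 @@ void _gcry_rngcsprng_fast_poll (void);
+
+/*-- random-drbg.c --*/
+void _gcry_rngdrbg_inititialize (int full);
++void _gcry_rngdrbg_deinit (void);
+void _gcry_rngdrbg_close_fds (void);
+void _gcry_rngdrbg_dump_stats (void);
+int _gcry_rngdrbg_is_faked (void);
+diff -up libgcrypt-1.8.5/random/random.c.getrandom libgcrypt-1.8.5/random/random.c
+--- libgcrypt-1.8.5/random/random.c.getrandom 2017-11-23 19:16:58.000000000 +0100
++++ libgcrypt-1.8.5/random/random.c 2020-04-20 14:55:34.876949605 +0200
+@@ -110,8 +110,8 @@ _gcry_random_read_conf (void)
+unsigned int result = 0;
+
+fp = fopen (fname, "r");
+- if (!fp)
+- return result;
++ if (!fp) /* We make only_urandom the default. */
++ return RANDOM_CONF_ONLY_URANDOM;
+
+for (;;)
+{
+@@ -228,6 +228,22 @@ _gcry_random_initialize (int full)
+}
+
+
++/* Deinitialize this random subsystem. */
++void
++_gcry_random_deinit (void)
++{
++ if (fips_mode ())
++ _gcry_rngdrbg_deinit ();
++ else if (rng_types.standard)
++ _gcry_rngcsprng_deinit ();
++ else if (rng_types.fips)
++ _gcry_rngdrbg_deinit ();
++ else
++ _gcry_rngcsprng_deinit ();
++ /* not needed for system */
++}
++
++
+/* If possible close file descriptors used by the RNG. */
+void
+_gcry_random_close_fds (void)
+diff -up libgcrypt-1.8.5/random/random-csprng.c.getrandom libgcrypt-1.8.5/random/random-csprng.c
+--- libgcrypt-1.8.5/random/random-csprng.c.getrandom 2017-11-23 19:16:58.000000000 +0100
++++ libgcrypt-1.8.5/random/random-csprng.c 2020-04-20 15:04:27.182877975 +0200
+@@ -55,6 +55,10 @@
+#ifdef __MINGW32__
+#include <process.h>
+#endif
++#if defined(__linux__) && defined(HAVE_SYSCALL)
++# include <sys/syscall.h>
++# include <linux/random.h>
++#endif
+#include "g10lib.h"
+#include "random.h"
+#include "rand-internal.h"
+@@ -343,6 +347,21 @@ _gcry_rngcsprng_initialize (int full)
+}
+
+
++void
++_gcry_rngcsprng_deinit (void)
++{
++ lock_pool();
++ pool_writepos = 0;
++ pool_readpos = 0;
++ pool_filled = 0;
++ pool_filled_counter = 0;
++ did_initial_extra_seeding = 0;
++ pool_balance = 0;
++ just_mixed = 0;
++ unlock_pool();
++}
++
++
+/* Try to close the FDs of the random gather module. This is
+currently only implemented for rndlinux. */
+void
+@@ -1116,6 +1135,22 @@ getfnc_gather_random (void))(void (*)(co
+enum random_origins, size_t, int);
+
+#if USE_RNDLINUX
++#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
++ long ret;
++ char buffer[1];
++
++ _gcry_pre_syscall ();
++ ret = syscall (__NR_getrandom,
++ (void*)buffer, (size_t)1, (unsigned int)GRND_NONBLOCK);
++ _gcry_post_syscall ();
++ if (ret != -1 || errno != ENOSYS)
++ {
++ fnc = _gcry_rndlinux_gather_random;
++ return fnc;
++ }
++ else
++ /* The syscall is not supported - fallback to /dev/urandom. */
++#endif
+if ( !access (NAME_OF_DEV_RANDOM, R_OK)
+&& !access (NAME_OF_DEV_URANDOM, R_OK))
+{
+diff -up libgcrypt-1.8.5/random/random-drbg.c.getrandom libgcrypt-1.8.5/random/random-drbg.c
+--- libgcrypt-1.8.5/random/random-drbg.c.getrandom 2017-11-23 19:16:58.000000000 +0100
++++ libgcrypt-1.8.5/random/random-drbg.c 2020-04-20 15:02:37.782947902 +0200
+@@ -1811,6 +1811,22 @@ _gcry_rngdrbg_inititialize (int full)
+}
+
+/*
++ * Deinitialize the DRBG invoked by the libgcrypt API
++ * It will be automatically re-initialized on next call
++ */
++void
++_gcry_rngdrbg_deinit (void)
++{
++ drbg_lock ();
++ if (drbg_state)
++ {
++ drbg_uninstantiate (drbg_state);
++ drbg_state = NULL;
++ }
++ drbg_unlock ();
++}
++
++/*
+* Backend handler function for GCRYCTL_DRBG_REINIT
+*
+* Select a different DRBG type and initialize it.
+diff -up libgcrypt-1.8.5/random/random.h.getrandom libgcrypt-1.8.5/random/random.h
+--- libgcrypt-1.8.5/random/random.h.getrandom 2017-11-23 19:16:58.000000000 +0100
++++ libgcrypt-1.8.5/random/random.h 2020-04-20 14:55:34.877949586 +0200
+@@ -29,6 +29,7 @@ void _gcry_register_random_progress (voi
+
+void _gcry_set_preferred_rng_type (int type);
+void _gcry_random_initialize (int full);
++void _gcry_random_deinit (void);
+void _gcry_random_close_fds (void);
+int _gcry_get_rng_type (int ignore_fips_mode);
+void _gcry_random_dump_stats(void);
+diff -up libgcrypt-1.8.5/random/rndlinux.c.getrandom libgcrypt-1.8.5/random/rndlinux.c
+--- libgcrypt-1.8.5/random/rndlinux.c.getrandom 2020-04-20 15:01:50.159848963 +0200
++++ libgcrypt-1.8.5/random/rndlinux.c 2020-04-20 16:14:21.901610921 +0200
+@@ -35,6 +35,7 @@
+#include <poll.h>
+#if defined(__linux__) && defined(HAVE_SYSCALL)
+# include <sys/syscall.h>
++# include <linux/random.h>
+#endif
+
+#include "types.h"
+@@ -147,12 +148,12 @@ _gcry_rndlinux_gather_random (void (*add
+if (!add)
+{
+/* Special mode to close the descriptors. */
+- if (fd_random != -1)
++ if (fd_random >= 0)
+{
+close (fd_random);
+fd_random = -1;
+}
+- if (fd_urandom != -1)
++ if (fd_urandom >= 0)
+{
+close (fd_urandom);
+fd_urandom = -1;
+@@ -166,12 +167,12 @@ _gcry_rndlinux_gather_random (void (*add
+apid = getpid ();
+if (my_pid != apid)
+{
+- if (fd_random != -1)
++ if (fd_random >= 0)
+{
+close (fd_random);
+fd_random = -1;
+}
+- if (fd_urandom != -1)
++ if (fd_urandom >= 0)
+{
+close (fd_urandom);
+fd_urandom = -1;
+@@ -216,7 +217,23 @@ _gcry_rndlinux_gather_random (void (*add
+that we always require the device to be existent but want a more
+graceful behaviour if the rarely needed close operation has been
+used and the device needs to be re-opened later. */
+- if (level >= GCRY_VERY_STRONG_RANDOM && !only_urandom)
++#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
++ if (fd_urandom != -2 && !_gcry_in_constructor ())
++ {
++ long ret;
++
++ _gcry_pre_syscall ();
++ ret = syscall (__NR_getrandom,
++ (void*)buffer, (size_t)1, (unsigned int)GRND_NONBLOCK);
++ _gcry_post_syscall ();
++ if (ret > -1 || errno == EAGAIN || errno == EINTR)
++ {
++ fd_urandom = -2;
++ fd_random = -2;
++ }
++ }
++#endif
++ if (level >= GCRY_VERY_STRONG_RANDOM && !only_urandom && !_gcry_in_constructor ())
+{
+if (fd_random == -1)
+{
+@@ -255,6 +272,7 @@ _gcry_rndlinux_gather_random (void (*add
+* syscall and not a new device and thus we are not able to use
+* select(2) to have a timeout. */
+#if defined(__linux__) && defined(HAVE_SYSCALL) && defined(__NR_getrandom)
++ if (fd == -2)
+{
+long ret;
+size_t nbytes;
+@@ -270,9 +288,7 @@ _gcry_rndlinux_gather_random (void (*add
+_gcry_post_syscall ();
+}
+while (ret == -1 && errno == EINTR);
+- if (ret == -1 && errno == ENOSYS)
+- ; /* The syscall is not supported - fallback to pulling from fd. */
+- else
++ if (1)
+{ /* The syscall is supported. Some sanity checks. */
+if (ret == -1)
+log_fatal ("unexpected error from getrandom: %s\n",
+diff -up libgcrypt-1.8.5/src/g10lib.h.getrandom libgcrypt-1.8.5/src/g10lib.h
+--- libgcrypt-1.8.5/src/g10lib.h.getrandom 2020-04-20 15:08:16.528538580 +0200
++++ libgcrypt-1.8.5/src/g10lib.h 2020-04-20 15:08:28.641309399 +0200
+@@ -464,6 +464,6 @@ gpg_err_code_t _gcry_fips_run_selftests
+void _gcry_fips_noreturn (void);
+#define fips_noreturn() (_gcry_fips_noreturn ())
+
+-
++int _gcry_in_constructor (void);
+
+#endif /* G10LIB_H */
+diff -up libgcrypt-1.8.5/src/global.c.getrandom libgcrypt-1.8.5/src/global.c
+--- libgcrypt-1.8.5/src/global.c.getrandom 2020-04-20 15:06:21.891707597 +0200
++++ libgcrypt-1.8.5/src/global.c 2020-04-20 15:07:29.018437509 +0200
+@@ -145,10 +145,18 @@ global_init (void)
+#define FIPS_MODULE_PATH "/etc/system-fips"
+#endif
+
++static int in_constructor = 0;
++
++int _gcry_in_constructor(void)
++{
++ return in_constructor;
++}
++
+void __attribute__ ((constructor)) _gcry_global_constructor (void)
+{
+int rv;
+
++ in_constructor = 1;
+rv = access (FIPS_MODULE_PATH, F_OK);
+if (rv < 0 && errno != ENOENT)
+rv = 0;
+@@ -163,10 +171,12 @@ void __attribute__ ((constructor)) _gcry
+/* force selftests */
+global_init();
+_gcry_fips_run_selftests (0);
+- if (!fips_mode())
+- _gcry_random_close_fds ();
++ _gcry_random_close_fds ();
++ _gcry_random_deinit ();
+no_secure_memory = no_secmem_save;
+}
++
++ in_constructor = 0;
+}
+
+/* This function is called by the macro fips_is_operational and makes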
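Review bot: The two `getrandom` probes added here use different success criteria: `getfnc_gather_random` in random-csprng.c selects rndlinux for any outcome other than `ENOSYS` (`ret != -1 || errno != ENOSYS`), while `_gcry_rndlinux_gather_random` switches to the syscall only when `ret > -1 || errno == EAGAIN || errno == EINTR`. When the call fails with any other error, the first probe has already skipped the `access ()` checks on the random devices and the second falls back to opening them; what happens if that open fails is outside the hunks, so the intended behaviour deserves a comment or one shared helper. The value `-2` stored in `fd_random` and `fd_urandom` is an unnamed sentinel, and a named constant with a one-line comment such as `/* no descriptor: use the getrandom syscall */` would make the `>= 0`, `== -1` and `== -2` tests readable. In the csprng probe the brace-less `else` placed just before `#endif` only takes effect through the `if ( !access (...` that follows the conditional block, which is fragile; braces or an explicit fall-through comment would be safer.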
348
SOURCES/libgcrypt-1.8.5-intel-cet.patch
Normal file
@ -0,0 +1,348 @@
|
|||||||
|
diff -up libgcrypt-1.8.5/cipher/camellia-aesni-avx2-amd64.S.intel-cet libgcrypt-1.8.5/cipher/camellia-aesni-avx2-amd64.S
|
||||||
|
--- libgcrypt-1.8.5/cipher/camellia-aesni-avx2-amd64.S.intel-cet 2017-11-23 19:16:58.000000000 +0100
|
||||||
|
+++ libgcrypt-1.8.5/cipher/camellia-aesni-avx2-amd64.S 2020-01-23 15:36:44.148972045 +0100
|
||||||
|
@@ -18,8 +18,9 @@
|
||||||
|
* License along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
|
||||||
|
-#ifdef __x86_64
|
||||||
|
#include <config.h>
|
||||||
|
+
|
||||||
|
+#ifdef __x86_64
|
||||||
|
#if (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \
|
||||||
|
defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) && \
|
||||||
|
defined(ENABLE_AESNI_SUPPORT) && defined(ENABLE_AVX2_SUPPORT)
|
||||||
|
diff -up libgcrypt-1.8.5/cipher/camellia-aesni-avx-amd64.S.intel-cet libgcrypt-1.8.5/cipher/camellia-aesni-avx-amd64.S
|
||||||
|
--- libgcrypt-1.8.5/cipher/camellia-aesni-avx-amd64.S.intel-cet 2017-11-23 19:16:58.000000000 +0100
|
||||||
|
+++ libgcrypt-1.8.5/cipher/camellia-aesni-avx-amd64.S 2020-01-23 15:36:44.145972088 +0100
|
||||||
|
@@ -18,8 +18,9 @@
|
||||||
|
* License along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
|
||||||
|
-#ifdef __x86_64
|
||||||
|
#include <config.h>
|
||||||
|
+
|
||||||
|
+#ifdef __x86_64
|
||||||
|
#if (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \
|
||||||
|
defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) && \
|
||||||
|
defined(ENABLE_AESNI_SUPPORT) && defined(ENABLE_AVX_SUPPORT)
|
||||||
|
diff -up libgcrypt-1.8.5/cipher/chacha20-avx2-amd64.S.intel-cet libgcrypt-1.8.5/cipher/chacha20-avx2-amd64.S
|
||||||
|
--- libgcrypt-1.8.5/cipher/chacha20-avx2-amd64.S.intel-cet 2017-11-23 19:16:58.000000000 +0100
|
||||||
|
+++ libgcrypt-1.8.5/cipher/chacha20-avx2-amd64.S 2020-01-23 15:36:16.780250066 +0100
|
||||||
|
@@ -48,6 +48,9 @@
|
||||||
|
.globl _gcry_chacha20_amd64_avx2_blocks
|
||||||
|
ELF(.type _gcry_chacha20_amd64_avx2_blocks,@function;)
|
||||||
|
_gcry_chacha20_amd64_avx2_blocks:
|
||||||
|
+#ifdef _CET_ENDBR
|
||||||
|
+ _CET_ENDBR
|
||||||
|
+#endif
|
||||||
|
.Lchacha_blocks_avx2_local:
|
||||||
|
vzeroupper
|
||||||
|
pushq %rbx
|
||||||
|
diff -up libgcrypt-1.8.5/cipher/chacha20-sse2-amd64.S.intel-cet libgcrypt-1.8.5/cipher/chacha20-sse2-amd64.S
|
||||||
|
--- libgcrypt-1.8.5/cipher/chacha20-sse2-amd64.S.intel-cet 2017-11-23 19:16:58.000000000 +0100
|
||||||
|
+++ libgcrypt-1.8.5/cipher/chacha20-sse2-amd64.S 2020-01-23 15:36:16.783250095 +0100
|
||||||
|
@@ -41,6 +41,9 @@
|
||||||
|
.globl _gcry_chacha20_amd64_sse2_blocks
|
||||||
|
ELF(.type _gcry_chacha20_amd64_sse2_blocks,@function;)
|
||||||
|
_gcry_chacha20_amd64_sse2_blocks:
|
||||||
|
+#ifdef _CET_ENDBR
|
||||||
|
+ _CET_ENDBR
|
||||||
|
+#endif
|
||||||
|
.Lchacha_blocks_sse2_local:
|
||||||
|
pushq %rbx
|
||||||
|
pushq %rbp
|
||||||
|
diff -up libgcrypt-1.8.5/cipher/poly1305-avx2-amd64.S.intel-cet libgcrypt-1.8.5/cipher/poly1305-avx2-amd64.S
|
||||||
|
--- libgcrypt-1.8.5/cipher/poly1305-avx2-amd64.S.intel-cet 2017-11-23 19:16:58.000000000 +0100
|
||||||
|
+++ libgcrypt-1.8.5/cipher/poly1305-avx2-amd64.S 2020-01-23 15:36:16.784250105 +0100
|
||||||
|
@@ -43,6 +43,9 @@
|
||||||
|
.globl _gcry_poly1305_amd64_avx2_init_ext
|
||||||
|
ELF(.type _gcry_poly1305_amd64_avx2_init_ext,@function;)
|
||||||
|
_gcry_poly1305_amd64_avx2_init_ext:
|
||||||
|
+#ifdef _CET_ENDBR
|
||||||
|
+ _CET_ENDBR
|
||||||
|
+#endif
|
||||||
|
.Lpoly1305_init_ext_avx2_local:
|
||||||
|
xor %edx, %edx
|
||||||
|
vzeroupper
|
||||||
|
@@ -406,6 +409,9 @@ ELF(.size _gcry_poly1305_amd64_avx2_init
|
||||||
|
.globl _gcry_poly1305_amd64_avx2_blocks
|
||||||
|
ELF(.type _gcry_poly1305_amd64_avx2_blocks,@function;)
|
||||||
|
_gcry_poly1305_amd64_avx2_blocks:
|
||||||
|
+#ifdef _CET_ENDBR
|
||||||
|
+ _CET_ENDBR
|
||||||
|
+#endif
|
||||||
|
.Lpoly1305_blocks_avx2_local:
|
||||||
|
vzeroupper
|
||||||
|
pushq %rbp
|
||||||
|
@@ -732,6 +738,9 @@ ELF(.size _gcry_poly1305_amd64_avx2_bloc
|
||||||
|
.globl _gcry_poly1305_amd64_avx2_finish_ext
|
||||||
|
ELF(.type _gcry_poly1305_amd64_avx2_finish_ext,@function;)
|
||||||
|
_gcry_poly1305_amd64_avx2_finish_ext:
|
||||||
|
+#ifdef _CET_ENDBR
|
||||||
|
+ _CET_ENDBR
|
||||||
|
+#endif
|
||||||
|
.Lpoly1305_finish_ext_avx2_local:
|
||||||
|
vzeroupper
|
||||||
|
pushq %rbp
|
||||||
|
diff -up libgcrypt-1.8.5/cipher/poly1305-sse2-amd64.S.intel-cet libgcrypt-1.8.5/cipher/poly1305-sse2-amd64.S
|
||||||
|
--- libgcrypt-1.8.5/cipher/poly1305-sse2-amd64.S.intel-cet 2017-11-23 19:16:58.000000000 +0100
|
||||||
|
+++ libgcrypt-1.8.5/cipher/poly1305-sse2-amd64.S 2020-01-23 15:36:16.787250134 +0100
|
||||||
|
@@ -42,6 +42,9 @@
|
||||||
|
.globl _gcry_poly1305_amd64_sse2_init_ext
|
||||||
|
ELF(.type _gcry_poly1305_amd64_sse2_init_ext,@function;)
|
||||||
|
_gcry_poly1305_amd64_sse2_init_ext:
|
||||||
|
+#ifdef _CET_ENDBR
|
||||||
|
+ _CET_ENDBR
|
||||||
|
+#endif
|
||||||
|
.Lpoly1305_init_ext_x86_local:
|
||||||
|
xor %edx, %edx
|
||||||
|
pushq %r12
|
||||||
|
@@ -288,6 +291,9 @@ ELF(.size _gcry_poly1305_amd64_sse2_init
|
||||||
|
.globl _gcry_poly1305_amd64_sse2_finish_ext
|
||||||
|
ELF(.type _gcry_poly1305_amd64_sse2_finish_ext,@function;)
|
||||||
|
_gcry_poly1305_amd64_sse2_finish_ext:
|
||||||
|
+#ifdef _CET_ENDBR
|
||||||
|
+ _CET_ENDBR
|
||||||
|
+#endif
|
||||||
|
.Lpoly1305_finish_ext_x86_local:
|
||||||
|
pushq %rbp
|
||||||
|
movq %rsp, %rbp
|
||||||
|
@@ -439,6 +445,9 @@ ELF(.size _gcry_poly1305_amd64_sse2_fini
|
||||||
|
.globl _gcry_poly1305_amd64_sse2_blocks
|
||||||
|
ELF(.type _gcry_poly1305_amd64_sse2_blocks,@function;)
|
||||||
|
_gcry_poly1305_amd64_sse2_blocks:
|
||||||
|
+#ifdef _CET_ENDBR
|
||||||
|
+ _CET_ENDBR
|
||||||
|
+#endif
|
||||||
|
.Lpoly1305_blocks_x86_local:
|
||||||
|
pushq %rbp
|
||||||
|
movq %rsp, %rbp
|
||||||
|
diff -up libgcrypt-1.8.5/cipher/serpent-avx2-amd64.S.intel-cet libgcrypt-1.8.5/cipher/serpent-avx2-amd64.S
|
||||||
|
--- libgcrypt-1.8.5/cipher/serpent-avx2-amd64.S.intel-cet 2017-11-23 19:16:58.000000000 +0100
|
||||||
|
+++ libgcrypt-1.8.5/cipher/serpent-avx2-amd64.S 2020-01-23 15:36:44.151972003 +0100
|
||||||
|
@@ -18,8 +18,9 @@
|
||||||
|
* License along with this program; if not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
|
||||||
|
-#ifdef __x86_64
|
||||||
|
#include <config.h>
|
||||||
|
+
|
||||||
|
+#ifdef __x86_64
|
||||||
|
#if (defined(HAVE_COMPATIBLE_GCC_AMD64_PLATFORM_AS) || \
|
||||||
|
defined(HAVE_COMPATIBLE_GCC_WIN64_PLATFORM_AS)) && defined(USE_SERPENT) && \
|
||||||
|
defined(ENABLE_AVX2_SUPPORT)
|
||||||
|
diff -up libgcrypt-1.8.5/configure.ac.intel-cet libgcrypt-1.8.5/configure.ac
|
||||||
|
--- libgcrypt-1.8.5/configure.ac.intel-cet 2019-08-29 15:00:08.000000000 +0200
|
||||||
|
+++ libgcrypt-1.8.5/configure.ac 2020-01-23 15:35:28.147774463 +0100
|
||||||
|
@@ -95,6 +95,12 @@ AH_TOP([
|
||||||
|
AH_BOTTOM([
|
||||||
|
#define _GCRYPT_IN_LIBGCRYPT 1
|
||||||
|
|
||||||
|
+/* Add .note.gnu.property section for Intel CET in assembler sources
|
||||||
|
+ when CET is enabled. */
|
||||||
|
+#if defined(__ASSEMBLER__) && defined(__CET__)
|
||||||
|
+# include <cet.h>
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
/* If the configure check for endianness has been disabled, get it from
|
||||||
|
OS macros. This is intended for making fat binary builds on OS X. */
|
||||||
|
#ifdef DISABLED_ENDIAN_CHECK
|
||||||
|
diff -up libgcrypt-1.8.5/mpi/config.links.intel-cet libgcrypt-1.8.5/mpi/config.links
|
||||||
|
--- libgcrypt-1.8.5/mpi/config.links.intel-cet 2017-11-23 19:16:58.000000000 +0100
|
||||||
|
+++ libgcrypt-1.8.5/mpi/config.links 2020-01-23 15:35:46.398952954 +0100
|
||||||
|
@@ -382,6 +382,16 @@ if test x"$mpi_cpu_arch" = x ; then
|
||||||
|
mpi_cpu_arch="unknown"
|
||||||
|
fi
|
||||||
|
|
||||||
|
+# Add .note.gnu.property section for Intel CET in assembler sources
|
||||||
|
+# when CET is enabled. */
|
||||||
|
+if test x"$mpi_cpu_arch" = xx86 ; then
|
||||||
|
+ cat <<EOF >> ./mpi/asm-syntax.h
|
||||||
|
+
|
||||||
|
+#if defined(__ASSEMBLER__) && defined(__CET__)
|
||||||
|
+# include <cet.h>
|
||||||
|
+#endif
|
||||||
|
+EOF
|
||||||
|
+fi
|
||||||
|
|
||||||
|
# Make sysdep.h
|
||||||
|
echo '/* created by config.links - do not edit */' >./mpi/sysdep.h
|
||||||
|
diff -up libgcrypt-1.8.5/mpi/i386/mpih-add1.S.intel-cet libgcrypt-1.8.5/mpi/i386/mpih-add1.S
|
||||||
|
--- libgcrypt-1.8.5/mpi/i386/mpih-add1.S.intel-cet 2017-11-23 19:16:58.000000000 +0100
|
||||||
|
+++ libgcrypt-1.8.5/mpi/i386/mpih-add1.S 2020-01-23 15:37:40.470175379 +0100
|
||||||
|
@@ -52,6 +52,10 @@ C_SYMBOL_NAME(_gcry_mpih_add_n:)
|
||||||
|
movl 20(%esp),%edx /* s2_ptr */
|
||||||
|
movl 24(%esp),%ecx /* size */
|
||||||
|
|
||||||
|
+#if defined __CET__ && (__CET__ & 1) != 0
|
||||||
|
+ pushl %ebx
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
movl %ecx,%eax
|
||||||
|
shrl $3,%ecx /* compute count for unrolled loop */
|
||||||
|
negl %eax
|
||||||
|
@@ -63,6 +67,9 @@ C_SYMBOL_NAME(_gcry_mpih_add_n:)
|
||||||
|
subl %eax,%esi /* ... by a constant when we ... */
|
||||||
|
subl %eax,%edx /* ... enter the loop */
|
||||||
|
shrl $2,%eax /* restore previous value */
|
||||||
|
+#if defined __CET__ && (__CET__ & 1) != 0
|
||||||
|
+ leal -4(,%eax,4),%ebx /* Count for 4-byte endbr32 */
|
||||||
|
+#endif
|
||||||
|
#ifdef PIC
|
||||||
|
/* Calculate start address in loop for PIC. Due to limitations in some
|
||||||
|
assemblers, Loop-L0-3 cannot be put into the leal */
|
||||||
|
@@ -75,29 +82,53 @@ L0: leal (%eax,%eax,8),%eax
|
||||||
|
/* Calculate start address in loop for non-PIC. */
|
||||||
|
leal (Loop - 3)(%eax,%eax,8),%eax
|
||||||
|
#endif
|
||||||
|
+#if defined __CET__ && (__CET__ & 1) != 0
|
||||||
|
+ addl %ebx,%eax /* Adjust for endbr32 */
|
||||||
|
+#endif
|
||||||
|
jmp *%eax /* jump into loop */
|
||||||
|
ALIGN (3)
|
||||||
|
Loop: movl (%esi),%eax
|
||||||
|
adcl (%edx),%eax
|
||||||
|
movl %eax,(%edi)
|
||||||
|
+#ifdef _CET_ENDBR
|
||||||
|
+ _CET_ENDBR
|
||||||
|
+#endif
|
||||||
|
movl 4(%esi),%eax
|
||||||
|
adcl 4(%edx),%eax
|
||||||
|
movl %eax,4(%edi)
|
||||||
|
+#ifdef _CET_ENDBR
|
||||||
|
+ _CET_ENDBR
|
||||||
|
+#endif
|
||||||
|
movl 8(%esi),%eax
|
||||||
|
adcl 8(%edx),%eax
|
||||||
|
movl %eax,8(%edi)
|
||||||
|
+#ifdef _CET_ENDBR
|
||||||
|
+ _CET_ENDBR
|
||||||
|
+#endif
|
||||||
|
movl 12(%esi),%eax
|
||||||
|
adcl 12(%edx),%eax
|
||||||
|
movl %eax,12(%edi)
|
||||||
|
+#ifdef _CET_ENDBR
|
||||||
|
+ _CET_ENDBR
|
||||||
|
+#endif
|
||||||
|
movl 16(%esi),%eax
|
||||||
|
adcl 16(%edx),%eax
|
||||||
|
movl %eax,16(%edi)
|
||||||
|
+#ifdef _CET_ENDBR
|
||||||
|
+ _CET_ENDBR
|
||||||
|
+#endif
|
||||||
|
movl 20(%esi),%eax
|
||||||
|
adcl 20(%edx),%eax
|
||||||
|
movl %eax,20(%edi)
|
||||||
|
+#ifdef _CET_ENDBR
|
||||||
|
+ _CET_ENDBR
|
||||||
|
+#endif
|
||||||
|
movl 24(%esi),%eax
|
||||||
|
adcl 24(%edx),%eax
|
||||||
|
movl %eax,24(%edi)
|
||||||
|
+#ifdef _CET_ENDBR
|
||||||
|
+ _CET_ENDBR
|
||||||
|
+#endif
|
||||||
|
movl 28(%esi),%eax
|
||||||
|
adcl 28(%edx),%eax
|
||||||
|
movl %eax,28(%edi)
|
||||||
|
@@ -110,6 +141,10 @@ Loop: movl (%esi),%eax
|
||||||
|
sbbl %eax,%eax
|
||||||
|
negl %eax
|
||||||
|
|
||||||
|
+#if defined __CET__ && (__CET__ & 1) != 0
|
||||||
|
+ popl %ebx
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
popl %esi
|
||||||
|
popl %edi
|
||||||
|
ret
|
||||||
|
diff -up libgcrypt-1.8.5/mpi/i386/mpih-sub1.S.intel-cet libgcrypt-1.8.5/mpi/i386/mpih-sub1.S
|
||||||
|
--- libgcrypt-1.8.5/mpi/i386/mpih-sub1.S.intel-cet 2017-11-23 19:16:58.000000000 +0100
|
||||||
|
+++ libgcrypt-1.8.5/mpi/i386/mpih-sub1.S 2020-01-23 15:37:40.472175351 +0100
|
||||||
|
@@ -53,6 +53,10 @@ C_SYMBOL_NAME(_gcry_mpih_sub_n:)
|
||||||
|
movl 20(%esp),%edx /* s2_ptr */
|
||||||
|
movl 24(%esp),%ecx /* size */
|
||||||
|
|
||||||
|
+#if defined __CET__ && (__CET__ & 1) != 0
|
||||||
|
+ pushl %ebx
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
movl %ecx,%eax
|
||||||
|
shrl $3,%ecx /* compute count for unrolled loop */
|
||||||
|
negl %eax
|
||||||
|
@@ -64,6 +68,9 @@ C_SYMBOL_NAME(_gcry_mpih_sub_n:)
|
||||||
|
subl %eax,%esi /* ... by a constant when we ... */
|
||||||
|
subl %eax,%edx /* ... enter the loop */
|
||||||
|
shrl $2,%eax /* restore previous value */
|
||||||
|
+#if defined __CET__ && (__CET__ & 1) != 0
|
||||||
|
+ leal -4(,%eax,4),%ebx /* Count for 4-byte endbr32 */
|
||||||
|
+#endif
|
||||||
|
#ifdef PIC
|
||||||
|
/* Calculate start address in loop for PIC. Due to limitations in some
|
||||||
|
assemblers, Loop-L0-3 cannot be put into the leal */
|
||||||
|
@@ -76,29 +83,53 @@ L0: leal (%eax,%eax,8),%eax
|
||||||
|
/* Calculate start address in loop for non-PIC. */
|
||||||
|
leal (Loop - 3)(%eax,%eax,8),%eax
|
||||||
|
#endif
|
||||||
|
+#if defined __CET__ && (__CET__ & 1) != 0
|
||||||
|
+ addl %ebx,%eax /* Adjust for endbr32 */
|
||||||
|
+#endif
|
||||||
|
jmp *%eax /* jump into loop */
|
||||||
|
ALIGN (3)
|
||||||
|
Loop: movl (%esi),%eax
|
||||||
|
sbbl (%edx),%eax
|
||||||
|
movl %eax,(%edi)
|
||||||
|
+#ifdef _CET_ENDBR
|
||||||
|
+ _CET_ENDBR
|
||||||
|
+#endif
|
||||||
|
movl 4(%esi),%eax
|
||||||
|
sbbl 4(%edx),%eax
|
||||||
|
movl %eax,4(%edi)
|
||||||
|
+#ifdef _CET_ENDBR
|
||||||
|
+ _CET_ENDBR
|
||||||
|
+#endif
|
||||||
|
movl 8(%esi),%eax
|
||||||
|
sbbl 8(%edx),%eax
|
||||||
|
movl %eax,8(%edi)
|
||||||
|
+#ifdef _CET_ENDBR
|
||||||
|
+ _CET_ENDBR
|
||||||
|
+#endif
|
||||||
|
movl 12(%esi),%eax
|
||||||
|
sbbl 12(%edx),%eax
|
||||||
|
movl %eax,12(%edi)
|
||||||
|
+#ifdef _CET_ENDBR
|
||||||
|
+ _CET_ENDBR
|
||||||
|
+#endif
|
||||||
|
movl 16(%esi),%eax
|
||||||
|
sbbl 16(%edx),%eax
|
||||||
|
movl %eax,16(%edi)
|
||||||
|
+#ifdef _CET_ENDBR
|
||||||
|
+ _CET_ENDBR
|
||||||
|
+#endif
|
||||||
|
movl 20(%esi),%eax
|
||||||
|
sbbl 20(%edx),%eax
|
||||||
|
movl %eax,20(%edi)
|
||||||
|
+#ifdef _CET_ENDBR
|
||||||
|
+ _CET_ENDBR
|
||||||
|
+#endif
|
||||||
|
movl 24(%esi),%eax
|
||||||
|
sbbl 24(%edx),%eax
|
||||||
|
movl %eax,24(%edi)
|
||||||
|
+#ifdef _CET_ENDBR
|
||||||
|
+ _CET_ENDBR
|
||||||
|
+#endif
|
||||||
|
movl 28(%esi),%eax
|
||||||
|
sbbl 28(%edx),%eax
|
||||||
|
movl %eax,28(%edi)
|
||||||
|
@@ -111,6 +142,10 @@ Loop: movl (%esi),%eax
|
||||||
|
sbbl %eax,%eax
|
||||||
|
negl %eax
|
||||||
|
|
||||||
|
+#if defined __CET__ && (__CET__ & 1) != 0
|
||||||
|
+ popl %ebx
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
|
popl %esi
|
||||||
|
popl %edi
|
||||||
|
ret
|
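--- /dev/null
+++ b/SOURCES/libgcrypt-1.8.5-kdf-selftest.patch
@@ -0,0 +1,158 @@
+diff -up libgcrypt-1.8.5/cipher/kdf.c.kdf-selftest libgcrypt-1.8.5/cipher/kdf.c
+--- libgcrypt-1.8.5/cipher/kdf.c.kdf-selftest 2017-11-23 19:16:58.000000000 +0100
++++ libgcrypt-1.8.5/cipher/kdf.c 2020-06-15 18:14:26.494995669 +0200
+@@ -305,3 +305,99 @@ _gcry_kdf_derive (const void *passphrase
+leave:
+return ec;
+}
++
++
++/* PBKDF2 selftests.
++ * Copyright (C) 2008 Free Software Foundation, Inc.
++ * Copyright (C) 2019, 2020 Red Hat, Inc.
++ */
++
++/* Check one PBKDF2 call with HASH ALGO using the regular KDF
++ * API. (passphrase,passphraselen) is the password to be derived,
++ * (salt,saltlen) the salt for the key derivation,
++ * iterations is the number of the kdf iterations,
++ * and (expect,expectlen) the expected result. Returns NULL on
++ * success or a string describing the failure. */
++
++static const char *
++check_one (int algo,
++ const void *passphrase, size_t passphraselen,
++ const void *salt, size_t saltlen,
++ unsigned long iterations,
++ const void *expect, size_t expectlen)
++{
++ unsigned char key[512]; /* hardcoded to avoid allocation */
++ size_t keysize = expectlen;
++
++ if (keysize > sizeof(key))
++ return "invalid tests data";
++
++ if (_gcry_kdf_derive (passphrase, passphraselen, GCRY_KDF_PBKDF2,
++ algo, salt, saltlen, iterations,
++ keysize, key))
++ return "gcry_kdf_derive failed";
++
++ if (memcmp (key, expect, expectlen))
++ return "does not match";
++
++ return NULL;
++}
++
++static gpg_err_code_t
++run_pbkdf2_selftest (int extended, selftest_report_func_t report)
++{
++ const char *what;
++ const char *errtxt;
++
++ what = "Basic PBKDF2 SHA256";
++ errtxt = check_one (GCRY_MD_SHA256,
++ "password", 8,
++ "salt", 4,
++ 2,
++ "\xae\x4d\x0c\x95\xaf\x6b\x46\xd3\x2d\x0a\xdf\xf9\x28\xf0\x6d\xd0"
++ "\x2a\x30\x3f\x8e\xf3\xc2\x51\xdf\xd6\xe2\xd8\x5a\x95\x47\x4c\x43", 32);
++ if (errtxt)
++ goto failed;
++
++ if (extended)
++ {
++ what = "Extended PBKDF2 SHA256";
++ errtxt = check_one (GCRY_MD_SHA256,
++ "passwordPASSWORDpassword", 24,
++ "saltSALTsaltSALTsaltSALTsaltSALTsalt", 36,
++ 4096,
++ "\x34\x8c\x89\xdb\xcb\xd3\x2b\x2f\x32\xd8\x14\xb8\x11\x6e\x84\xcf"
++ "\x2b\x17\x34\x7e\xbc\x18\x00\x18\x1c\x4e\x2a\x1f\xb8\xdd\x53\xe1"
++ "\xc6\x35\x51\x8c\x7d\xac\x47\xe9", 40);
++ if (errtxt)
++ goto failed;
++ }
++
++ return 0; /* Succeeded. */
++
++ failed:
++ if (report)
++ report ("kdf", GCRY_KDF_PBKDF2, what, errtxt);
++ return GPG_ERR_SELFTEST_FAILED;
++}
++
++
++/* Run the selftests for KDF with KDF algorithm ALGO with optional
++ reporting function REPORT. */
++gpg_error_t
++_gcry_kdf_selftest (int algo, int extended, selftest_report_func_t report)
++{
++ gcry_err_code_t ec = 0;
++
++ if (algo == GCRY_KDF_PBKDF2)
++ {
++ ec = run_pbkdf2_selftest (extended, report);
++ }
++ else
++ {
++ ec = GPG_ERR_UNSUPPORTED_ALGORITHM;
++ if (report)
++ report ("kdf", algo, "module", "algorithm not available");
++ }
++ return gpg_error (ec);
++}
+diff -up libgcrypt-1.8.5/src/cipher-proto.h.kdf-selftest libgcrypt-1.8.5/src/cipher-proto.h
+--- libgcrypt-1.8.5/src/cipher-proto.h.kdf-selftest 2020-06-15 18:03:25.785353036 +0200
++++ libgcrypt-1.8.5/src/cipher-proto.h 2020-06-15 18:03:25.788353061 +0200
+@@ -259,6 +259,8 @@ gcry_error_t _gcry_hmac_selftest (int al
+selftest_report_func_t report);
+gcry_error_t _gcry_cmac_selftest (int algo, int extended,
+selftest_report_func_t report);
++gcry_error_t _gcry_kdf_selftest (int algo, int extended,
++ selftest_report_func_t report);
+
+gcry_error_t _gcry_random_selftest (selftest_report_func_t report);
+
+diff -up libgcrypt-1.8.5/src/fips.c.kdf-selftest libgcrypt-1.8.5/src/fips.c
+--- libgcrypt-1.8.5/src/fips.c.kdf-selftest 2020-06-15 18:03:25.777352968 +0200
++++ libgcrypt-1.8.5/src/fips.c 2020-06-15 18:08:40.651028096 +0200
+@@ -490,6 +490,29 @@ run_mac_selftests (int extended)
+return anyerr;
+}
+
++/* Run self-tests for all KDF algorithms. Return 0 on success. */
++static int
++run_kdf_selftests (int extended)
++{
++ static int algos[] =
++ {
++ GCRY_KDF_PBKDF2,
++ 0
++ };
++ int idx;
++ gpg_error_t err;
++ int anyerr = 0;
++
++ for (idx=0; algos[idx]; idx++)
++ {
++ err = _gcry_kdf_selftest (algos[idx], extended, reporter);
++ reporter ("kdf", algos[idx], NULL, err? gpg_strerror (err):NULL);
++ if (err)
++ anyerr = 1;
++ }
++ return anyerr;
++}
++
+
+/* Run self-tests for all required public key algorithms. Return 0 on
+success. */
+@@ -673,6 +696,9 @@ _gcry_fips_run_selftests (int extended)
+if (run_mac_selftests (extended))
+goto leave;
+
++ if (run_kdf_selftests (extended))
++ goto leave;
++
+/* Run random tests before the pubkey tests because the latter
+require random. */
+if (run_random_selftests ())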
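Review bot: In cipher/kdf.c the new `_gcry_kdf_selftest` is defined as returning `gpg_error_t`, while the prototype this patch adds to src/cipher-proto.h declares `gcry_error_t`; likewise `run_pbkdf2_selftest` returns `gpg_err_code_t` but its result is stored in `gcry_err_code_t ec`. The two spellings are presumably aliases, so this should still compile, but the definitions would read better as `gcry_error_t` and `static gcry_err_code_t`, matching the neighbouring `_gcry_hmac_selftest` and `_gcry_cmac_selftest` prototypes. The header comment on `_gcry_kdf_selftest` also leaves EXTENDED undocumented; I would word it as `/* Run the selftests for KDF algorithm ALGO; EXTENDED also runs the 4096-iteration vector; REPORT is an optional reporting function. */`.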
@ -1,7 +1,7 @@
|
|||||||
diff -up libgcrypt-1.6.2/src/fips.c.use-fipscheck libgcrypt-1.6.2/src/fips.c
|
diff -up libgcrypt-1.8.5/src/fips.c.use-fipscheck libgcrypt-1.8.5/src/fips.c
|
||||||
--- libgcrypt-1.6.2/src/fips.c.use-fipscheck 2014-08-21 14:50:39.000000000 +0200
|
--- libgcrypt-1.8.5/src/fips.c.use-fipscheck 2017-11-23 19:16:58.000000000 +0100
|
||||||
+++ libgcrypt-1.6.2/src/fips.c 2014-09-26 11:42:20.999588282 +0200
|
+++ libgcrypt-1.8.5/src/fips.c 2020-04-23 10:18:36.235764741 +0200
|
||||||
@@ -578,23 +578,50 @@ run_random_selftests (void)
|
@@ -581,23 +581,50 @@ run_random_selftests (void)
|
||||||
return !!err;
|
return !!err;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -57,7 +57,7 @@ diff -up libgcrypt-1.6.2/src/fips.c.use-fipscheck libgcrypt-1.6.2/src/fips.c
|
|||||||
key, strlen (key));
|
key, strlen (key));
|
||||||
if (dlen < 0)
|
if (dlen < 0)
|
||||||
err = gpg_error_from_syserror ();
|
err = gpg_error_from_syserror ();
|
||||||
@@ -602,7 +629,7 @@ check_binary_integrity (void)
|
@@ -605,7 +632,7 @@ check_binary_integrity (void)
|
||||||
err = gpg_error (GPG_ERR_INTERNAL);
|
err = gpg_error (GPG_ERR_INTERNAL);
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
@ -66,7 +66,7 @@ diff -up libgcrypt-1.6.2/src/fips.c.use-fipscheck libgcrypt-1.6.2/src/fips.c
|
|||||||
if (!fname)
|
if (!fname)
|
||||||
err = gpg_error_from_syserror ();
|
err = gpg_error_from_syserror ();
|
||||||
else
|
else
|
||||||
@@ -611,7 +638,7 @@ check_binary_integrity (void)
|
@@ -614,7 +641,7 @@ check_binary_integrity (void)
|
||||||
char *p;
|
char *p;
|
||||||
|
|
||||||
/* Prefix the basename with a dot. */
|
/* Prefix the basename with a dot. */
|
||||||
@ -75,15 +75,15 @@ diff -up libgcrypt-1.6.2/src/fips.c.use-fipscheck libgcrypt-1.6.2/src/fips.c
|
|||||||
p = strrchr (fname, '/');
|
p = strrchr (fname, '/');
|
||||||
if (p)
|
if (p)
|
||||||
p++;
|
p++;
|
||||||
diff -up libgcrypt-1.6.2/src/Makefile.in.use-fipscheck libgcrypt-1.6.2/src/Makefile.in
|
diff -up libgcrypt-1.8.5/src/Makefile.am.use-fipscheck libgcrypt-1.8.5/src/Makefile.am
|
||||||
--- libgcrypt-1.6.2/src/Makefile.in.use-fipscheck 2014-08-21 15:14:08.000000000 +0200
|
--- libgcrypt-1.8.5/src/Makefile.am.use-fipscheck 2020-04-23 10:18:36.237764702 +0200
|
||||||
+++ libgcrypt-1.6.2/src/Makefile.in 2014-09-26 11:41:13.271059281 +0200
|
+++ libgcrypt-1.8.5/src/Makefile.am 2020-04-23 10:19:03.186247455 +0200
|
||||||
@@ -449,7 +449,7 @@ libgcrypt_la_LIBADD = $(gcrypt_res) \
|
@@ -125,7 +125,7 @@ libgcrypt_la_LIBADD = $(gcrypt_res) \
|
||||||
../cipher/libcipher.la \
|
../cipher/libcipher.la \
|
||||||
../random/librandom.la \
|
../random/librandom.la \
|
||||||
../mpi/libmpi.la \
|
../mpi/libmpi.la \
|
||||||
- ../compat/libcompat.la $(GPG_ERROR_LIBS)
|
- ../compat/libcompat.la $(GPG_ERROR_LIBS)
|
||||||
+ ../compat/libcompat.la $(GPG_ERROR_LIBS) -ldl
|
+ ../compat/libcompat.la $(GPG_ERROR_LIBS) -ldl
|
||||||
|
|
||||||
|
|
||||||
dumpsexp_SOURCES = dumpsexp.c
|
dumpsexp_SOURCES = dumpsexp.c
|
||||||
dumpsexp_CFLAGS = $(arch_gpg_error_cflags)
|
|
@ -1,5 +1,5 @@
|
|||||||
Name: libgcrypt
|
Name: libgcrypt
|
||||||
Version: 1.8.3
|
Version: 1.8.5
|
||||||
Release: 4%{?dist}
|
Release: 4%{?dist}
|
||||||
URL: http://www.gnupg.org/
|
URL: http://www.gnupg.org/
|
||||||
Source0: libgcrypt-%{version}-hobbled.tar.xz
|
Source0: libgcrypt-%{version}-hobbled.tar.xz
|
||||||
@ -18,13 +18,15 @@ Source6: t-mpi-point.c
|
|||||||
Source7: random.conf
|
Source7: random.conf
|
||||||
# make FIPS hmac compatible with fipscheck - non upstreamable
|
# make FIPS hmac compatible with fipscheck - non upstreamable
|
||||||
# update on soname bump
|
# update on soname bump
|
||||||
Patch2: libgcrypt-1.6.2-use-fipscheck.patch
|
Patch2: libgcrypt-1.8.5-use-fipscheck.patch
|
||||||
# fix tests in the FIPS mode, allow CAVS testing of DSA keygen
|
# modify FIPS RSA and DSA keygen to comply with requirements
|
||||||
Patch5: libgcrypt-1.8.0-tests.patch
|
Patch5: libgcrypt-1.8.4-fips-keygen.patch
|
||||||
|
# fix the tests to work correctly in the FIPS mode
|
||||||
|
Patch6: libgcrypt-1.8.4-tests-fipsmode.patch
|
||||||
# update the CAVS tests
|
# update the CAVS tests
|
||||||
Patch7: libgcrypt-1.7.3-fips-cavs.patch
|
Patch7: libgcrypt-1.7.3-fips-cavs.patch
|
||||||
# use poll instead of select when gathering randomness
|
# use poll instead of select when gathering randomness
|
||||||
Patch11: libgcrypt-1.8.0-use-poll.patch
|
Patch11: libgcrypt-1.8.4-use-poll.patch
|
||||||
# slight optimalization of mpicoder.c to silence Valgrind (#968288)
|
# slight optimalization of mpicoder.c to silence Valgrind (#968288)
|
||||||
Patch13: libgcrypt-1.6.1-mpicoder-gccopt.patch
|
Patch13: libgcrypt-1.6.1-mpicoder-gccopt.patch
|
||||||
# fix tests to work with approved ECC
|
# fix tests to work with approved ECC
|
||||||
@ -34,13 +36,23 @@ Patch18: libgcrypt-1.8.3-fips-ctor.patch
|
|||||||
# Block some operations if in FIPS non-operational state
|
# Block some operations if in FIPS non-operational state
|
||||||
Patch22: libgcrypt-1.7.3-fips-reqs.patch
|
Patch22: libgcrypt-1.7.3-fips-reqs.patch
|
||||||
# Do not try to open /dev/urandom if getrandom() works
|
# Do not try to open /dev/urandom if getrandom() works
|
||||||
Patch24: libgcrypt-1.8.3-getrandom.patch
|
Patch24: libgcrypt-1.8.5-getrandom.patch
|
||||||
# CMAC selftest for FIPS POST
|
# CMAC selftest for FIPS POST
|
||||||
Patch25: libgcrypt-1.8.3-cmac-selftest.patch
|
Patch25: libgcrypt-1.8.3-cmac-selftest.patch
|
||||||
# Continuous FIPS entropy test
|
# Continuous FIPS entropy test
|
||||||
Patch26: libgcrypt-1.8.3-fips-enttest.patch
|
Patch26: libgcrypt-1.8.3-fips-enttest.patch
|
||||||
# Disable non-approved FIPS hashes in the enforced FIPS mode
|
# Disable non-approved FIPS hashes in the enforced FIPS mode
|
||||||
Patch27: libgcrypt-1.8.3-md-fips-enforce.patch
|
Patch27: libgcrypt-1.8.3-md-fips-enforce.patch
|
||||||
|
# Intel CET support, in upstream master
|
||||||
|
Patch28: libgcrypt-1.8.5-intel-cet.patch
|
||||||
|
# Fix build on ARMv7
|
||||||
|
Patch29: libgcrypt-1.8.5-build.patch
|
||||||
|
# FIPS module is redefined a little bit (implicit by kernel FIPS mode)
|
||||||
|
Patch30: libgcrypt-1.8.5-fips-module.patch
|
||||||
|
# Backported AES performance improvements
|
||||||
|
Patch31: libgcrypt-1.8.5-aes-perf.patch
|
||||||
|
# FIPS selftest for PBKDF2
|
||||||
|
Patch32: libgcrypt-1.8.5-kdf-selftest.patch
|
||||||
|
|
||||||
%define gcrylibdir %{_libdir}
|
%define gcrylibdir %{_libdir}
|
||||||
|
|
||||||
@ -54,12 +66,11 @@ BuildRequires: gawk, libgpg-error-devel >= 1.11, pkgconfig
|
|||||||
BuildRequires: fipscheck
|
BuildRequires: fipscheck
|
||||||
# This is needed only when patching the .texi doc.
|
# This is needed only when patching the .texi doc.
|
||||||
BuildRequires: texinfo
|
BuildRequires: texinfo
|
||||||
Group: System Environment/Libraries
|
BuildRequires: autoconf, automake, libtool
|
||||||
|
|
||||||
%package devel
|
%package devel
|
||||||
Summary: Development files for the %{name} package
|
Summary: Development files for the %{name} package
|
||||||
License: LGPLv2+ and GPLv2+
|
License: LGPLv2+ and GPLv2+
|
||||||
Group: Development/Libraries
|
|
||||||
Requires(pre): /sbin/install-info
|
Requires(pre): /sbin/install-info
|
||||||
Requires(post): /sbin/install-info
|
Requires(post): /sbin/install-info
|
||||||
Requires: libgpg-error-devel
|
Requires: libgpg-error-devel
|
||||||
@ -78,7 +89,8 @@ applications using libgcrypt.
|
|||||||
%setup -q
|
%setup -q
|
||||||
%{SOURCE3}
|
%{SOURCE3}
|
||||||
%patch2 -p1 -b .use-fipscheck
|
%patch2 -p1 -b .use-fipscheck
|
||||||
%patch5 -p1 -b .tests
|
%patch5 -p1 -b .fips-keygen
|
||||||
|
%patch6 -p1 -b .tests-fipsmode
|
||||||
%patch7 -p1 -b .cavs
|
%patch7 -p1 -b .cavs
|
||||||
%patch11 -p1 -b .use-poll
|
%patch11 -p1 -b .use-poll
|
||||||
%patch13 -p1 -b .gccopt
|
%patch13 -p1 -b .gccopt
|
||||||
@ -89,11 +101,17 @@ applications using libgcrypt.
|
|||||||
%patch25 -p1 -b .cmac-selftest
|
%patch25 -p1 -b .cmac-selftest
|
||||||
%patch26 -p1 -b .fips-enttest
|
%patch26 -p1 -b .fips-enttest
|
||||||
%patch27 -p1 -b .fips-enforce
|
%patch27 -p1 -b .fips-enforce
|
||||||
|
%patch28 -p1 -b .intel-cet
|
||||||
|
%patch29 -p1 -b .build
|
||||||
|
%patch30 -p1 -b .fips-module
|
||||||
|
%patch31 -p1 -b .aes-perf
|
||||||
|
%patch32 -p1 -b .kdf-selftest
|
||||||
|
|
||||||
cp %{SOURCE4} cipher/
|
cp %{SOURCE4} cipher/
|
||||||
cp %{SOURCE5} %{SOURCE6} tests/
|
cp %{SOURCE5} %{SOURCE6} tests/
|
||||||
|
|
||||||
%build
|
%build
|
||||||
|
autoreconf -f
|
||||||
%configure --disable-static \
|
%configure --disable-static \
|
||||||
%ifarch sparc64
|
%ifarch sparc64
|
||||||
--disable-asm \
|
--disable-asm \
|
||||||
@ -161,6 +179,9 @@ popd
|
|||||||
mkdir -p -m 755 $RPM_BUILD_ROOT/etc/gcrypt
|
mkdir -p -m 755 $RPM_BUILD_ROOT/etc/gcrypt
|
||||||
install -m644 %{SOURCE7} $RPM_BUILD_ROOT/etc/gcrypt/random.conf
|
install -m644 %{SOURCE7} $RPM_BUILD_ROOT/etc/gcrypt/random.conf
|
||||||
|
|
||||||
|
# Drop the pkgconfig as it would require an updated libgpg-error
|
||||||
|
rm $RPM_BUILD_ROOT/%{_libdir}/pkgconfig/libgcrypt.pc
|
||||||
|
|
||||||
%post -p /sbin/ldconfig
|
%post -p /sbin/ldconfig
|
||||||
|
|
||||||
%postun -p /sbin/ldconfig
|
%postun -p /sbin/ldconfig
|
||||||
@ -200,6 +221,15 @@ exit 0
|
|||||||
%license COPYING
|
%license COPYING
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Jun 15 2020 Tomáš Mráz <tmraz@redhat.com> 1.8.5-4
|
||||||
|
- add PBKDF2 selftest for FIPS POST
|
||||||
|
|
||||||
|
* Tue Apr 28 2020 Tomáš Mráz <tmraz@redhat.com> 1.8.5-3
|
||||||
|
- new upstream version 1.8.5
|
||||||
|
- AES performance improvements backported from master branch
|
||||||
|
- FIPS module is implicit with kernel FIPS flag
|
||||||
|
- always run the FIPS selftests if FIPS module is installed
|
||||||
|
|
||||||
* Mon Jun 24 2019 Tomáš Mráz <tmraz@redhat.com> 1.8.3-4
|
* Mon Jun 24 2019 Tomáš Mráz <tmraz@redhat.com> 1.8.3-4
|
||||||
- improve the continuous FIPS entropy test
|
- improve the continuous FIPS entropy test
|
||||||
|
|
||||||
|